Dockerfile Optimizations for DAST and Browserker
To make the Dockerfile cleaner and smaller:
- Replace Firefox with Chrome (for Browserker)
- Don't use Ubuntu as the base image (a slim version of Debian would be preferred)
Technical Details
Replace Firefox with Chrome
- Leave Firefox on the Docker image (for now)
- Configure ZAP Crawljax to use Chrome, not Firefox.
  - It's not clear yet how this is done. Probably start by looking for options we can pass to ZAP in `ZAPServer`. This should be under the feature flag, i.e.

    ```ruby
    if config.dast_major_version > 1
      selenium = "--selenium... chrome"
    else
      selenium = "--selenium... firefox"
    end
    ```
- Ensure `ZapWebdriver` uses Chrome, not Firefox.
Use Debian, not Ubuntu
- Create a future release of Browserker. Follow the example in gitlab-org/security-products/dast!373 (merged).
  - This might already be done by the time this issue is worked on.
- Update the future release of Browserker to use Debian, not Ubuntu (more on this in a moment).
- Update the `build future` DAST job to depend on the future release of Browserker, i.e.

  ```yaml
  script:
    - ...
    # Pass the Browserker image to the Dockerfile as a named build argument
    - docker build --build-arg BUILDING_FOR=future --build-arg BROWSERKER_IMAGE=$BROWSERKER_IMAGE -t $IMAGE .
    - ...
  variables:
    BROWSERKER_IMAGE: "registry.gitlab.com/gitlab-org/security-products/analyzers/dast/browserker:1.0.0-alpha"
  ```
- Write an end-to-end test that only runs on CI and runs a smoke test of the DAST alpha image running Chrome/Debian.
To do
- Use Chrome for ZAP Crawljax and `ZapWebdriver`: gitlab-org/security-products/dast!394 (merged)
- Use a slim version of Debian for Browserker's base image: #289962 (comment 517372621)
- Add an end-to-end test for DAST future so the new Chrome and Debian build is tested
- Create an issue for removing Firefox and Ubuntu after the DAST 2.0 release
Edited by Avielle Wolfe