Add crawl graph to scan artifacts
Problem to solve
When the browser-based DAST scanner is used through DAST to scan a Single Page Application, the URLs scanned are not shown in the gl-dast-report.json. This is because those URLs do not require a request or response and so while they are scanned, they aren't part of scanned_resources.
Proposal
To better communicate to customers what the analyzer has scanned, generate the Crawl Graph SVG file and add it as an artifact to the DAST build.
Note: The scanner creates a dot file, not an SVG file. To complete this issue the scanner must also perform that conversion; however, installing the software to do that could make the Docker image prohibitively large. Spike to see how much larger the image would be with the required conversion software.
Edited by Craig Smith