API Fuzzing reports fail to validate
Problem
API Fuzzing reports fail to validate schemas, when VALIDATE_SCHEMA=true
and throw an error on the vulnerability dashboard.
In 15.0 validation will be required, see &6968 (closed)
Based on an investigation by @minac, the cause is that API Fuzzing reports are looking for api-fuzzing-report-format.json which currently does not exist in the monolith..
Solution
-
Update the monolith to validate against the DAST schema if the report is API Fuzzing.
Previously Proposed Solution
- [ ] Publish an api-fuzzing-report-format.json file and version the file in each respective folder.Since this is currently the same as the dast-report-format.json, the files will have the same content.
-
Update security report schema project with api-fuzzing document. -
Add a spec test for this issue -
Add a spec test to verify dast schema and api fuzzing schema are the same (check version #)
Edited by Seth Berger