Generate DAST HTML report outside of the DAST analyzer
Proposal
Currently, the HTML report for DAST is generated from the ZAP analyzer when the DAST_HTML_REPORT variable is enabled by providing a file name for the report. Since we are switching to our new browser-based analyzer, the HTML report does not include all the vulnerabilities that were found with the new analyzer. This has already caused issues for customers, since the different reports will show a different number of vulnerabilities.
Instead of creating the HTML report from the engine, we should create it outside of any specific engine. This way, it can capture all vulnerabilities that are found by the analyzers and give an accurate representation in this type of report.