Allow custom Zest scripts in DAST scans

Problem to solve

For tricky security defects that would be difficult or impossible for SAST, DAST, or fuzzing to pick up, we need a way to prevent such defects from accidentally being reintroduced after remediation.

See this GitLab security blog post for more details.

Intended users

  • Sasha (Software Developer)

Further details

Zest

Proposal

TBD

Permissions and Security

TBD

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references
