Integrate DAST properties into the Security Products Common format

Problem to solve

The Common project defines an API for Security Products to generate a common report format. This Go library is not yet used by DAST, and the DAST-specific aspects of the report format are currently undocumented.

Target audience

  • Delaney, Development Team Lead, https://design.gitlab.com/research/personas#persona-delaney

  • Sasha, Software Developer, https://design.gitlab.com/research/personas#persona-sasha

Further details

Before publicly communicating our report format, we need to make sure it covers all of our use cases.

Proposal

Improve the common library so that it can build a DAST-compatible report, and document the expected output format.

What does success look like, and how can we measure that?

One can use the common library to generate a DAST report that the GitLab Rails backend can process.

What is the type of buyer?

GitLab Ultimate

Links / references

&810 (closed)

Implementation plan

  • Design the mapping between the DAST ZAP tool report format and common reports format
  • [ ] Document the report format for DAST (in a way similar to SAST and DS) (extracted into a separate issue)
  • Enhance the common library report entities with properties to hold the DAST tool data
  • [ ] Enhance the GitLab Rails app report entities and database with properties to hold the DAST tool data (if necessary, needs discussion)
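As an illustration of the first and third steps above, the following is an added example (not code from this issue, the GitLab common library or the DAST analyzer) of the ZAP-to-common-format mapping in Go. The target types (`Identifier`, `Location`, `Vulnerability`), the identifier type names, the severity table and the ZAP JSON fragment are assumptions made for the example; the real entities and the fields the Rails backend expects must be confirmed against the common project and the report schema.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed ZAP JSON report fragment for this example only; not a real scan result.
const zapReport = `{"site": [{"@host": "example.test", "alerts": [{
  "pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
  "riskcode": "1", "cweid": "16",
  "instances": [
    {"uri": "http://example.test/", "method": "GET", "param": "X-Content-Type-Options"},
    {"uri": "http://example.test/login", "method": "GET", "param": "X-Content-Type-Options"}
  ]}]}]}`

// Subset of the ZAP JSON report structure needed for the mapping.
type zapInstance struct {
	Method string `json:"method"`
	Param  string `json:"param"`
}

type zapAlert struct {
	PluginID  string        `json:"pluginid"`
	Alert     string        `json:"alert"`
	RiskCode  string        `json:"riskcode"`
	CWEID     string        `json:"cweid"`
	Instances []zapInstance `json:"instances"`
}

type zapSite struct {
	Host   string     `json:"@host"`
	Alerts []zapAlert `json:"alerts"`
}

// Hypothetical target types modelled on the GitLab security report schema;
// the names are assumptions for this example, not the common library's API.
type Identifier struct {
	Type  string `json:"type"`
	Name  string `json:"name"`
	Value string `json:"value"`
}

type Location struct {
	Hostname string `json:"hostname"`
	Method   string `json:"method"`
	Param    string `json:"param"`
}

type Vulnerability struct {
	Category    string       `json:"category"`
	Name        string       `json:"name"`
	Severity    string       `json:"severity"`
	Identifiers []Identifier `json:"identifiers"`
	Location    Location     `json:"location"`
}

// ZAP encodes risk as a numeric string (0-3); unknown codes become "Unknown" rather than being dropped.
var riskToSeverity = map[string]string{"0": "Info", "1": "Low", "2": "Medium", "3": "High"}

func MapSeverity(code string) string {
	if s, ok := riskToSeverity[code]; ok {
		return s
	}
	return "Unknown"
}

// ConvertZAP fans each ZAP alert out into one vulnerability per instance, since the common format keeps one location per finding.
func ConvertZAP(raw []byte) ([]Vulnerability, error) {
	var doc struct{ Sites []zapSite `json:"site"` }
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	vulns := []Vulnerability{}
	for _, site := range doc.Sites {
		for _, a := range site.Alerts {
			ids := []Identifier{{Type: "zap_plugin_id", Name: "ZAP plugin " + a.PluginID, Value: a.PluginID}}
			if a.CWEID != "" && a.CWEID != "-1" { // ZAP reports -1 when no CWE applies
				ids = append(ids, Identifier{Type: "cwe", Name: "CWE-" + a.CWEID, Value: a.CWEID})
			}
			for _, inst := range a.Instances {
				vulns = append(vulns, Vulnerability{
					Category:    "dast",
					Name:        a.Alert,
					Severity:    MapSeverity(a.RiskCode),
					Identifiers: ids,
					Location:    Location{Hostname: site.Host, Method: inst.Method, Param: inst.Param},
				})
			}
		}
	}
	return vulns, nil
}

func main() {
	vulns, _ := ConvertZAP([]byte(zapReport))
	out, _ := json.MarshalIndent(vulns, "", "  ")
	fmt.Println(string(out))
}
```

The point the mapping has to get right is the cardinality: ZAP groups every affected request under one alert, while the common format records a single location per vulnerability, so one alert with N instances becomes N entries that the Rails backend can then key on hostname, method and parameter. Risk codes outside the table are kept as "Unknown" so that a new or malformed ZAP value surfaces in the report instead of vanishing.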
Edited Jun 24, 2019 by Victor Zagorodny