Show the list of resources scanned by DAST
Problem to solve
DAST runs against a target application, and it scans many resources. The list of those scanned resources is valuable for customers to figure out if the coverage is enough, or if some section of the app has been skipped.
We should provide this list in the DAST report.
- Sam, Security Analyst
This information depends on the underlying tool that we use (currently, ZAProxy). We need to abstract that and provide a report format that we can manage.
List the resources scanned by DAST and report them along with the DAST vulnerability list. This information can be available for download in the UI.
|In the MR|In the Pipelines view|
|Shows scanned URL count in the UI with a link to the DAST job log|Shows scanned URL count in the UI with a link to the DAST job log|
- "View more details" takes the user to the DAST job log, where URL scanning information is present.
- If DAST doesn't run: the DAST section will not appear.
- If DAST runs and does not return any vulnerability findings: the URL count and link to the job log will still appear.
Permissions and Security
Users with permissions to see DAST results are also allowed to see the list of scanned resources.