Remove the legacy way of using DAST
Overview
A prior version of DAST had entry points that were exposed ZAP Python files. The recent version of DAST recommends that clients directly call /analyze, similar to many of the other Secure tools.
Note that to get this in by 13.0, it should be deprecated by 12.9/12.10.
Proposal
- We update our documentation (before this issue is played) to explicitly deprecate the usage of our Docker image with the above commands as the entry point.
- In a breaking release (e.g. 13.0), we stop providing support for each of these entry points.
Legacy entrypoints
/zap/zap-baseline.py
/zap/zap-full-scan.py
/zap/zap-api-scan.py
Technical
- As part of this change, we will no longer have to copy our DAST Python code directly into the ZAP codebase. This is bad practice, as there may be naming collisions.
Edited by Cameron Swords