Rails codebase depends on DAST Common Report Format

Problem to solve

The DAST tool is migrating from a custom ZAProxy format to use the Common Report Format. This will enable the Secure team to reuse key parts of our codebase.

The migration has three stages:

  1. DAST will create a gl-dast-report.json report containing the legacy ZAProxy fields and the Common Report Fields. #14053 (closed)
  2. The GitLab Rails codebase will use the Common Report Format for DAST instead of the ZAProxy fields. #33913 (closed)
  3. DAST will remove the legacy ZAProxy fields from the report. #33915 (closed)

This issue represents step 2 of the migration.

Places to change

  • The backend logic to display the difference in vulnerabilities in an MR should be based on the Common Report Format
Edited by Cameron Swords