Rails codebase depends on DAST Common Report Format
Problem to solve
The DAST tool is migrating from a custom ZAProxy format to use the Common Report Format. This will enable the Secure team to reuse key parts of our codebase.
The migration has three stages:
- DAST will create a gl-dast-report.json report containing the legacy ZAProxy fields and the Common Report Fields. #14053 (closed)
- The GitLab Rails codebase will use the Common Report Format for DAST instead of the ZAProxy fields. #33913 (closed)
- DAST will remove the legacy ZAProxy fields from the report. #33915 (closed)
This issue represents step 2 of the migration.
Places to change
- The backend logic to display the difference in vulnerabilities in an MR should be based on the Common Report Format
Edited by Cameron Swords