Optionally replace the traditional spiders with Browserker
What does this MR do?
Allows the user to crawl a website using Browserker.
This is achieved by specifying --browserker-scan or DAST_BROWSERKER_SCAN=true as configuration options. When specified, traditional and ajax spiders will not execute.
No changelog entry will be added, as the feature is alpha and incomplete. The following MR will start ZAP on a known port so that content crawled by Browserker is scanned by ZAP. Future MRs will also improve the end-to-end tests.
What are the relevant issue numbers?
Partly resolves issue https://gitlab.com/gitlab-org/security-products/analyzers/browserker/-/issues/4.
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Cameron Swords