Load external JS and CSS resources (!415) · Merge requests · GitLab.org / security-products / dast

Avielle Wolfe requested to merge include-urls-from-external-websites into master Mar 26, 2021

What does this MR do?

This MR configures ZAP to load external JS and CSS resources so it can successfully spider sites that have dynamic links that don't work without those resources.

It also configures ZAP to only passively scan responses from resources "within scope", meaning in the same domain as the target. This prevents ZAP from scanning for vulnerabilities from the external resources

What are the relevant issue numbers?

gitlab-org/gitlab#235677 (closed)

Edited Apr 01, 2021 by Avielle Wolfe

Load external JS and CSS resources

What does this MR do?

What are the relevant issue numbers?

Merge request reports