Disable second target probe for Browserker
What does this MR do?
The Browserker scan expects all requests to include the dast_scan=browserker cookie; however, the second target probe made by DAST creates a request that does not include the cookie. This is problematic because aggregated vulnerabilities take the evidence from the first alert, which in some cases is from the request made by the probe. This means the Browserker evidence is lost.
Since the second probe is to be removed in %14.0, it's not required for the Browserker scan; this MR removes the second probe for Browserker scans.
What are the relevant issue numbers?
gitlab-org/gitlab#254043 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Craig Smith