Send via header with all DAST requests
What does this MR do?
This MR forces ZAP to add the following header to all requests:
Via: GitLab DAST/ZAP v1.50.0 (where 1.50.0 is the current DAST version)
When a Browserker scan is run, Browserker also adds a Via header. Due to a limitation of the ZAP replacer plugin, this is unfortunately overwritten by this header. To help engineers/users understand which system made a request, DAST configures Browserker to add the following header to requests it sends:
Via-Scanner: Browserker
What are the relevant issue numbers?
gitlab-org/gitlab#327564 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer