Enable Browser Based DAST Scan to generate secure reports from DAST
What does this MR do?
This MR adds the feature flag --ff-browser-passive-scan-mode that, when set to true, switches the Browser Based DAST Scan ScanMode to passive rather than crawl, and turns on secure report generation within the Browser Based DAST scan.
Adding this feature flag will allow for easier development and testing when merging the secure reports generated by DAST and the Browser Based DAST scan.
This MR also takes the first step towards merging both reports by adding the BrowserScanResult object. When BrowserkerScan.run completes it returns a list of URLs that were scanned for the DAST report. Adding the BrowserScanResult makes it easier for BrowserkerScan.run to return vulnerabilities, which it'll need to do for merging the reports in a subsequent MR.
Finally, this MR also moves BrowserkerScan from src/services/browserker/browserker_scan.py → src/services/browserker_scan.py. I've made this change because including the BrowserkerScanResult in the BrowserkerScan from the same directory caused a circular dependency error.
What are the relevant issue numbers?
gitlab-org/gitlab#331186 (closed)
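The shape described above (a flag that selects passive rather than crawl mode, and a result object that carries both the scanned URLs and any findings so a secure report can be built from it) as an added, self-contained illustration. This is not code from the MR or from the DAST project; the names ScanMode, Vulnerability, BrowserScanResult, select_scan_mode, run_browser_scan and build_secure_report, the passive check, and the sample responses are all constructed for this example, and the "scan" simply walks a constructed mapping of URLs to response headers instead of driving a browser.

```python
from dataclasses import dataclass, field
from enum import Enum


class ScanMode(Enum):
    # hypothetical scan modes mirroring the crawl/passive choice in the text
    CRAWL = "crawl"
    PASSIVE = "passive"


@dataclass
class Vulnerability:
    # hypothetical minimal finding record
    url: str
    name: str
    severity: str


@dataclass
class BrowserScanResult:
    # URLs visited by the browser scan plus any findings it produced;
    # a single return object so the caller gets both in one place
    urls: list = field(default_factory=list)
    vulnerabilities: list = field(default_factory=list)


def select_scan_mode(ff_browser_passive_scan_mode: bool) -> ScanMode:
    # flag on -> passive mode, flag off -> the default crawl mode
    return ScanMode.PASSIVE if ff_browser_passive_scan_mode else ScanMode.CRAWL


def missing_csp_check(url, headers):
    # constructed passive check: flag responses with no Content-Security-Policy
    if "Content-Security-Policy" not in headers:
        return Vulnerability(url=url, name="Missing Content-Security-Policy header", severity="Low")
    return None


# constructed sample: URL -> response headers, standing in for what a
# browser-driven scan would observe
SAMPLE_RESPONSES = {
    "http://example.test/": {"Content-Type": "text/html"},
    "http://example.test/login": {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'",
    },
}


def run_browser_scan(responses, mode, passive_checks=(missing_csp_check,)):
    # constructed stand-in for a scan run: record every URL seen, and in
    # passive mode run each passive check over the observed response
    result = BrowserScanResult()
    for url, headers in responses.items():
        result.urls.append(url)
        if mode is ScanMode.PASSIVE:
            for check in passive_checks:
                finding = check(url, headers)
                if finding is not None:
                    result.vulnerabilities.append(finding)
    return result


def build_secure_report(result):
    # minimal report shape: scanned URLs plus one entry per finding
    return {
        "scanned_urls": list(result.urls),
        "vulnerabilities": [
            {"url": v.url, "name": v.name, "severity": v.severity}
            for v in result.vulnerabilities
        ],
    }


if __name__ == "__main__":
    mode = select_scan_mode(True)
    report = build_secure_report(run_browser_scan(SAMPLE_RESPONSES, mode))
    print(report)
```

With the flag off the same run still returns the scanned URL list (the information the DAST report needs today) but no findings, which is what lets the two report paths share one return type while passive checks are developed behind the flag.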