Enable Browser Based DAST Scan to generate secure reports from DAST

Craig Smith requested to merge merge_reports_331186 into main

What does this MR do?

This MR adds the feature flag --ff-browser-passive-scan-mode that, when set to true, switches the Browser Based DAST Scan ScanMode to passive rather than crawl, and turns on secure report generation within the Browser Based DAST scan.

Adding this feature flag will allow for easier development and testing when merging the secure reports generated by DAST and the Browser Based DAST scan.

This MR also takes the first step towards merging both reports by adding the BrowserScanResult object. When BrowserkerScan.run completes it returns a list of URLs that were scanned for the DAST report. Adding the BrowserScanResult makes it easier for BrowserkerScan.run to return vulnerabilities, which it'll need to do for merging the reports in a subsequent MR.

Finally, this MR also moves BrowserkerScan from src/services/browserker/browserker_scan.py → src/services/browserker_scan.py. I've made this change because including the BrowserkerScanResult in the BrowserkerScan from the same directory caused a circular dependency error.

What are the relevant issue numbers?

gitlab-org/gitlab#331186 (closed)

GitLab Docs MR

Edited by Craig Smith