Upgrade ZAP version to latest stable release 2.12
What does this MR do?
- Upgrades ZAP to the latest stable release 2.12.0
- Upgrades ZAP addons to their latest versions
- Filter certificate_unknown error from DAST logs
As part of the ZAP addon upgrade, pscan beta is upgraded to v31. In this upgrade the following new rules have been promoted from the alpha addon to the beta addon:
- Content Cacheable - https://www.zaproxy.org/docs/alerts/10049/
- In Page Banner Info Leak - https://www.zaproxy.org/docs/alerts/10009/
- JS Function - https://www.zaproxy.org/docs/alerts/10110/
- JSO - https://www.zaproxy.org/docs/alerts/90002/
- Permissions Policy - https://www.zaproxy.org/docs/alerts/10063/
- Sub Resource Integrity Attribute - https://www.zaproxy.org/docs/alerts/90003/
Of these, three have been disabled:
- https://www.zaproxy.org/docs/alerts/10049/
- https://www.zaproxy.org/docs/alerts/10110/
- https://www.zaproxy.org/docs/alerts/10063/
This is based on !667 (comment 1187200457)
What are the relevant issue numbers?
- https://gitlab.com/gitlab-org/gitlab/-/issues/377401
- https://gitlab.com/gitlab-org/security-products/dependencies/zap-extensions/-/issues/2
- https://gitlab.com/gitlab-org/security-products/dependencies/zap-extensions/-/issues/3
GitLab Docs MR
Edited by Craig Smith