Upgrade ZAP version to latest stable release 2.12 (!667) · Merge requests · GitLab.org / security-products / dast

Craig Smith requested to merge upgrade_zap into main Nov 08, 2022

What does this MR do?

Upgrades ZAP to the latest stable release 2.12.0
Upgrade ZAP addons to their latest versions
Filter certificate_unknown error from DAST logs

As part of the ZAP addon upgrade, pscan beta is upgraded to v31. In this upgrade the following new rules have been promoted from the alpha addon to the beta addon:

Content Cacheable - https://www.zaproxy.org/docs/alerts/10049/
In Page Banner Info Leak - https://www.zaproxy.org/docs/alerts/10009/
JS Function - https://www.zaproxy.org/docs/alerts/10110/
JSO - https://www.zaproxy.org/docs/alerts/90002/
Permissions Policy - https://www.zaproxy.org/docs/alerts/10063/
Sub Resource Integrity Attribute - https://www.zaproxy.org/docs/alerts/90003/

Of these, three have been disabled:

https://www.zaproxy.org/docs/alerts/10049/
https://www.zaproxy.org/docs/alerts/10110/
https://www.zaproxy.org/docs/alerts/10063/

This is based on !667 (comment 1187200457)

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab/-/issues/377401
https://gitlab.com/gitlab-org/security-products/dependencies/zap-extensions/-/issues/2
https://gitlab.com/gitlab-org/security-products/dependencies/zap-extensions/-/issues/3

GitLab Docs MR

Edited Nov 28, 2022 by Craig Smith

Upgrade ZAP version to latest stable release 2.12

What does this MR do?

What are the relevant issue numbers?

GitLab Docs MR

Merge request reports