
Remove excluded passive scan rules

Cameron Swords requested to merge exclude-replaced-active-scan-rules into main

What does this MR do?

Enables browser-based active checks when the feature flag DAST_FF_ENABLE_BROWSER_BASED_ATTACKS is set to true. Enabling a browser-based check automatically disables the equivalent ZAP active check from the scan.

Currently, the only browser-based active check that would be enabled is check 22.1. Other active checks that are written and untested are considered "alpha" checks. Setting the feature flag DAST_FF_ENABLE_BROWSER_BASED_ALPHA_ATTACKS to true will enable all of the browser-based active checks, alpha and otherwise.

What are the relevant issue numbers?

Run Browserker active checks in DAST (gitlab-org/gitlab#389219 - closed)

Edited by Cameron Swords
