Commit Graph

4 Commits

Author SHA1 Message Date
Andreea Lupu
029f01ac6e
feat(ui): update zui version (#2162)
It includes the changes for exporting the vulnerabilities list(CSV/MS Excel)

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
2024-01-17 17:22:33 +02:00
Andrei Aaron
46ee330b2a
feat(zui): update to zui supporting social login (#1639)
Also ignore issues related to https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header
It is not clear what the zap tool expectations are from the zot server, as these headers are supposed to be set by the zot client.

As a separate not ZUI sets these headers, but for some reason the scan expects them when scanning zot minimal without the UI

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-07-21 12:50:41 -07:00
Andrei Aaron
e63faa8898
fix(csp): upgrade UI and fix zap failure (#1372)
The zap scanner started to check the csp header, which is causing a warning.

We also need to ignore the rule, as both settings are read by the scanner.

Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple
Content-Security-Policy headers, and the most restrictive policies apply.
This rule doesn't seem to be applied by zap.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
2023-04-13 13:48:09 -07:00
Andrei Aaron
5968e7199f
test(ui): add owasp zap scanner in ci/cd (#1224)
(cherry picked from commit 6d03ce5f2db73e43343637b3af7e2ab3d5a1ed79)

Additional changes on top of: 6d03ce5f2db73e43343637b3af7e2ab3d5a1ed79
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-27 11:25:47 -08:00