logto/.zap/rules.conf

# Mark the following rules as IGNORE

# CloudFlare will block the metadata endpoint access
90034	IGNORE	(Cloud Metadata Potentially Exposed - Active/release)

# Not applicable to the cloud appliaction
10096	IGNORE	(Timestamp Disclosure - Passive/release)
40039	IGNORE	(Web Cache Deception)

# TODO 
10063	IGNORE	(Permissions Policy Header Not Set - Passive/beta)

# The applicationInsights endpoint will be removed
10055	IGNORE	(CSP - Wildcard Directive)

# Experience app is rendered under the root path. No hidden files are exposed. A 404 experience page will be returned.
40035	IGNORE	(Hidden File Found - Active/release)
fix: replace INFO with IGNORE in zap rules (#4285) * fix: replace INFO with IGNORE replace INFO with IGNORE * fix: update the rules update the rules 2023-08-10 04:19:40 -05:00			`# Mark the following rules as IGNORE`
ci(core): disable cloud metadata rule in zap (#4277) * ci(core): disable cloud metadata rule in zap disable cloud metadata rule in zap * fix: update rule files update rule files * fix: update the conf file update the conf file * fix: revert docker settings revert docker settings 2023-08-02 21:17:14 -05:00
			`# CloudFlare will block the metadata endpoint access`
fix: replace INFO with IGNORE in zap rules (#4285) * fix: replace INFO with IGNORE replace INFO with IGNORE * fix: update the rules update the rules 2023-08-10 04:19:40 -05:00			`90034 IGNORE (Cloud Metadata Potentially Exposed - Active/release)`
ci(core): disable cloud metadata rule in zap (#4277) * ci(core): disable cloud metadata rule in zap disable cloud metadata rule in zap * fix: update rule files update rule files * fix: update the conf file update the conf file * fix: revert docker settings revert docker settings 2023-08-02 21:17:14 -05:00
fix: replace INFO with IGNORE in zap rules (#4285) * fix: replace INFO with IGNORE replace INFO with IGNORE * fix: update the rules update the rules 2023-08-10 04:19:40 -05:00			`# Not applicable to the cloud appliaction`
			`10096 IGNORE (Timestamp Disclosure - Passive/release)`
			`40039 IGNORE (Web Cache Deception)`

			`# TODO`
			`10063 IGNORE (Permissions Policy Header Not Set - Passive/beta)`

			`# The applicationInsights endpoint will be removed`
			`10055 IGNORE (CSP - Wildcard Directive)`
chore: ignore the hidden file found zap alert (#5786) ignore the hidden file found zap alert 2024-04-24 05:52:57 -05:00
			`# Experience app is rendered under the root path. No hidden files are exposed. A 404 experience page will be returned.`
fix: fix zap config file syntax (#5790) fix zap config file syntax 2024-04-24 07:41:14 -05:00			`40035 IGNORE (Hidden File Found - Active/release)`