Infrastructure/zot

mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00

Author SHA1 Message Date

Author	SHA1	Message	Date
Andrei Aaron	e63faa8898	fix(csp): upgrade UI and fix zap failure (#1372 ) The zap scanner started to check the csp header, which is causing a warning. We also need to ignore the rule, as both settings are read by the scanner. Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple Content-Security-Policy headers, and the most restrictive policies apply. This rule doesn't seem to be applied by zap. Signed-off-by: Andrei Aaron <aaaron@luxoft.com>	2023-04-13 13:48:09 -07:00
Andrei Aaron	5968e7199f	test(ui): add owasp zap scanner in ci/cd (#1224 ) (cherry picked from commit `6d03ce5f2d`) Additional changes on top of: `6d03ce5f2d` - Build and use zot from the same branch do not use a container image as scan target, use the binary - Fix typo in rules filename - Add the full rule list to the rules config file - Ignore some of the specific rules and add reasons - Add security-related headers to fix some of the issues identified by the scan - Update UI it includes the latest fixes for zap scan issues Signed-off-by: Andrei Aaron <aaaron@luxoft.com> Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>	2023-02-27 11:25:47 -08:00

Andrei Aaron

e63faa8898

fix(csp): upgrade UI and fix zap failure (#1372 )

The zap scanner started to check the csp header, which is causing a warning.

We also need to ignore the rule, as both settings are read by the scanner.

Per https://w3c.github.io/webappsec-csp/#example-7bb4ce67 we can have multiple
Content-Security-Policy headers, and the most restrictive policies apply.
This rule doesn't seem to be applied by zap.

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>

2023-04-13 13:48:09 -07:00

Andrei Aaron

5968e7199f

test(ui): add owasp zap scanner in ci/cd (#1224 )

(cherry picked from commit 6d03ce5f2d)

Additional changes on top of: 6d03ce5f2d
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>

2023-02-27 11:25:47 -08:00

2 commits