0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2024-12-16 21:56:37 -05:00
zot/.zap/rules.tsv
Andrei Aaron 5968e7199f
test(ui): add owasp zap scanner in ci/cd (#1224)
(cherry picked from commit 6d03ce5f2d)

Additional changes on top of: 6d03ce5f2d
- Build and use zot from the same branch
do not use a container image as scan target, use the binary
- Fix typo in rules filename
- Add the full rule list to the rules config file
- Ignore some of the specific rules and add reasons
- Add security-related headers to fix some of the issues identified by the scan
- Update UI it includes the latest fixes for zap scan issues

Signed-off-by: Andrei Aaron <aaaron@luxoft.com>
Co-authored-by: Ramkumar Chinchani <rchincha@cisco.com>
2023-02-27 11:25:47 -08:00

3.4 KiB

1# zap-baseline rule configuration file
2# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
3# Only the rule identifiers are used - the names are just for info
4# You can add your own messages to each rule by appending them after a tab on each line.