gitlab-org/security-products/dast v2.12.0

on GitLab

Changes

• User must supply Mutual TLS client certificate as a base64 encoded variable DAST_PKCS12_CERTIFICATE_BASE64 (!556)
• Aggregate findings found by the Content Security Policy rule (!558)
• Mutual TLS client certificates can have an empty password (!557)
• Upgrade Browserker to version 0.0.58 (!559)
  • Remove duplicate URLs in Secure report vulnerabilities[].details.urls.items[] browserker!424
  • Ensure Secure report field vulnerabilities[] is never null browserker!424
  • Ensure Secure report field vulnerabilities[].links is never null browserker!424
  • Sort findings prior to Secure report generation for more deterministic results browserker!429
  • Upgrade vulnerability checks to version 1.0.0 browserker!418
    • Add 548.1 dast-cwe-checks!45
    • Add execution mode once_per_path_excluding_last_segment dast-cwe-checks!49
    • Remove execution modes once_per_file and once_per_request dast-cwe-checks!49
    • Add request_path_excluding_last_segment as match location dast-cwe-checks!49
    • Add 200.1 dast-cwe-checks!50
• Upgrade Browserker to version 0.0.59 (!559)
  • Add support for requirement matchers in vulnerability checks browserker!437
  • Add support for has-response requirement matcher in vulnerability checks browserker!437
  • Add Crawl Report browserker!384
• Add DAST_BROWSER_CRAWL_REPORT to generate a report showing the screenshots visited during crawl phase (!559)

Docker Images

• registry.gitlab.com/security-products/dast:2.12.0