Schema design for Scanners to evaluate themselves #44

Open
preetkaran20 opened this issue Aug 21, 2021 · 0 comments
Labels: Analysis, documentation (Improvements or additions to documentation), enhancement (New feature or request)

@preetkaran20
Member

The current schema has a few issues; for example, there are no flags like URLs etc. to validate vulnerabilities found by scanners.
Have a look at: https://github.com/zapbot/zap-mgmt-scripts/tree/master/vulnerableApp for more information.

We either need to add another endpoint like scanners that contains the flags, or we need to introduce the flags in the same VulnerabilityDefinitions schema.

While designing we need to consider not only DAST but also SAST tools.
