From 2d47ee58f5302a5fad841af77a4820401d89491a Mon Sep 17 00:00:00 2001
From: Maaike
Date: Mon, 24 Jun 2024 16:41:01 +0200
Subject: [PATCH] don't fail on warnings, ignore other low risk
---
 .github/workflows/zaproxy.yml | 4 +++-
 .zap/rules.tsv | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/zaproxy.yml b/.github/workflows/zaproxy.yml
index 74d0a5629..63be53b24 100644
--- a/.github/workflows/zaproxy.yml
+++ b/.github/workflows/zaproxy.yml
@@ -35,4 +35,6 @@ jobs:
 uses: zaproxy/action-baseline@v0.12.0
 with:
 target: 'http://localhost'
- rules_file_name: '.zap/rules.tsv'
\ No newline at end of file
+ rules_file_name: '.zap/rules.tsv'
+ cmd_options: '-I'
+ allow_issue_writing: 'false'
\ No newline at end of file
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
index 56741ad20..2e58035e8 100644
--- a/.zap/rules.tsv
+++ b/.zap/rules.tsv
@@ -17,3 +17,6 @@
 10049 IGNORE Non-Storable Content Informational
 10112 IGNORE Session Management Response Identified Informational
 10049 IGNORE Storable and Cacheable Content Informational
+10009 IGNORE In Page Banner Information Leak Low
+10036 IGNORE "Server Leaks Version Information via ""Server"" HTTP Response Header Field" Low
+10110 IGNORE Dangerous JS Functions Low
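Review bot: In `.github/workflows/zaproxy.yml`, the two added inputs together remove both ways a finding would normally reach someone. `cmd_options: '-I'` makes the baseline script stop returning a failure on WARN alerts, and `allow_issue_writing: 'false'` stops the action from filing results as a GitHub issue, so findings would presumably surface only in the run log and report artifact. I would document that trade-off next to the inputs, e.g. `# -I: WARN alerts do not fail the job; check the report artifact, and mark must-fix rules FAIL in .zap/rules.tsv`. The job's earlier steps are outside the hunk, so any other gate on scan results cannot be seen from here.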
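Review bot: In `.zap/rules.tsv`, the three added rows set alerts 10009, 10036 and 10110 to `IGNORE`, which is stronger than this commit needs: the workflow hunk already passes `-I`, so a `WARN` row would no longer fail the job. Keeping them at `WARN`, e.g. `10110 WARN Dangerous JS Functions Low` (tab-separated in the file), should leave them counted in the scan summary. That matters most for 10110, where a newly introduced risky JavaScript call would otherwise likely go unflagged by this scan. If 10036 is accepted only because of how the `http://localhost` test target is served, saying so in the commit message would help later reviewers judge whether the exception still holds.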