New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CCM-5987: update zap to 2.15.0 #841

Merged

lapenna-bjss merged 14 commits into release from bugfix/ccm-5987-fix-jython-errors

Jan 6, 2025

Contributor

lapenna-bjss commented Dec 19, 2024 •

edited by Kennedy1265

Loading

Summary

This PR resolves issues caused by specific ZAP add-ons. The communityScripts were triggering errors that appeared to be Jython-related, and the wappalyzer add-on incorrectly flagged HSTS as a failure, even though it should only be informational. To address this, the entire packpentester package, which includes wappalyzer, had to be uninstalled, as the tool cannot be uninstalled individually.

Successful Zap scan:
https://dev.azure.com/NHSD-APIM/API%20Platform/_build/results?buildId=275770&view=results

Reviews Required

Dev
Test
Tech Author
Product Owner

Checklist

Brief description of work completed, and any technical decisions made as part of the PR
PR link added as a comment to the relevant JIRA ticket
PR link shared on Slack and/or Teams
2 reviews received
Tester approval


          CCM-5987: update zap to 2.15.0

6aeec06

github-actions bot commented Dec 19, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: run zap in debug mode

1a934e4

github-actions bot commented Dec 19, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove communityScripts add-on to avoid errors

063deaf

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: set Tech Detection Passive Scanner to INFO

5288cd9

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: set Tech Detection rule to info

40ba7f5

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: set Tech Detection rule to off

89b969e

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove pscanrulesBeta add-on to avoid errors

7e3e039

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove wappalyzer add-on to avoid errors

758ddc9

github-actions bot commented Dec 30, 2024

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove add-ons to avoid errors

5e4c891

github-actions bot commented Jan 2, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: testing remove add-ons to avoid errors

9246d3e

github-actions bot commented Jan 2, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: testing fail on warning set to false

703f7b1

github-actions bot commented Jan 3, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove add-ons causing pipeline failures

bf6751e

github-actions bot commented Jan 3, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove add-ons causing pipeline failures

308b865

github-actions bot commented Jan 3, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987


          CCM-5987: remove wappalyzer add-on

fd4a193

github-actions bot commented Jan 3, 2025

This branch is work on a ticket in the NHS Digital APM JIRA Project. Here's a handy link to the ticket:

CCM-5987

lapenna-bjss marked this pull request as ready for review

January 3, 2025 14:38

tdroza-nhs approved these changes

View reviewed changes

simonlabarere approved these changes

View reviewed changes

Kennedy1265 approved these changes

View reviewed changes

lapenna-bjss merged commit ba9511a into release

7 checks passed

lapenna-bjss deleted the bugfix/ccm-5987-fix-jython-errors branch

January 6, 2025 11:00

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet