Add support for using custom request headers
What does this MR do?
When accessing an API during a DAST scan there is often a requirement to authenticate using request headers. This MR allows the user to supply header name/value pairs. These will be applied to every request made by ZAP to the API. For example:
```yaml
include:
  - template: DAST.gitlab-ci.yml

variables:
  DAST_WEBSITE: https://example.com/api-specification.yml
  DAST_API_SPEC_FORMAT: openapi
  DAST_REQUEST_HEADERS: "Authorization: Bearer 123456789,Accept: */*"
```
Note that adding request headers should apply to all ZAP requests, not just those made in an API scan.
What are the relevant issue numbers?
gitlab-org/gitlab#10928 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Job definition example
- Vendored CI Templates (also in CE)
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer
Edited by Cameron Swords
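The `DAST_REQUEST_HEADERS` value shown in the description is a comma-separated list of `Name: value` pairs, and it typically carries a credential. The following is an added example, not code from this MR or from the DAST project: a parser for that format that rejects ambiguous input and redacts credential headers before they are written to a job log. The function names, the `SENSITIVE` set and the strict-rejection behaviour are assumptions made for illustration.

```python
import re

# Header names treated as credentials (assumed set, not taken from the MR).
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "x-api-key"}

# RFC 7230 "token" characters permitted in a header field name.
_NAME_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_request_headers(raw):
    """Split a DAST_REQUEST_HEADERS-style string into (name, value) pairs.

    Assumed format, from the MR example: pairs separated by ',' and the
    name separated from the value by the first ':'.
    """
    headers = []
    for index, pair in enumerate(raw.split(",")):
        if not pair.strip():
            continue  # tolerate a trailing comma
        name, sep, value = pair.partition(":")
        name, value = name.strip(), value.strip()
        # A value that itself contains a comma, such as
        # "Accept: text/html,application/json", produces a fragment with
        # no valid name and is rejected here instead of being sent broken.
        # The error reports the position only, so no secret is echoed.
        if not sep or not _NAME_RE.match(name):
            raise ValueError(f"malformed header pair at position {index}")
        # Line breaks in a value would allow header injection.
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in header value at position {index}")
        headers.append((name, value))
    return headers


def redact_for_log(headers):
    """Render headers for a job log with credential values masked."""
    return ", ".join(
        f"{name}: {'[REDACTED]' if name.lower() in SENSITIVE else value}"
        for name, value in headers
    )


if __name__ == "__main__":
    # Sample value copied from the MR description.
    parsed = parse_request_headers("Authorization: Bearer 123456789,Accept: */*")
    print(redact_for_log(parsed))
```
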