ZAP Scan Baseline Report
github-actions opened this issue · 2 comments
github-actions commented
- Site: http://localhost:8090
New Alerts- Absence of Anti-CSRF Tokens [10202] total: 4:
- http://localhost:8090/dist/vendor.js?v=qu218QMvD0Ltn0mgDoEdPG0D5NLwxqKnJKchnoWIIHQ
- http://localhost:8090/dist/vendor.js?v=qu218QMvD0Ltn0mgDoEdPG0D5NLwxqKnJKchnoWIIHQ
- http://localhost:8090/dist/vendor.js?v=qu218QMvD0Ltn0mgDoEdPG0D5NLwxqKnJKchnoWIIHQ
- http://localhost:8090/dist/vendor.js?v=qu218QMvD0Ltn0mgDoEdPG0D5NLwxqKnJKchnoWIIHQ
- Content Security Policy (CSP) Header Not Set [10038] total: 2:
- Sub Resource Integrity Attribute Missing [90003] total: 2:
- Vulnerable JS Library [10003] total: 2:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
- Dangerous JS Functions [10110] total: 3:
- Permissions Policy Header Not Set [10063] total: 11:
- http://localhost:8090
- http://localhost:8090/
- http://localhost:8090/modules/$(VirtoCommerce.Assets)/dist/app.js?v=ofhnrHdem1Z7XLNx-hWL3xUCPnnMgVy4B6WqnwVT7IE
- http://localhost:8090/modules/$(VirtoCommerce.BulkActionsModule)/dist/app.js?v=bx2WCaYbo0S7frA5b2VtDkxui4XLMmhsAYoa_v7Q3OA
- http://localhost:8090/modules/$(VirtoCommerce.Export)/dist/app.js?v=QgwIXsJAY8Wv-Wk5QRjQzImMisfzB59JUANqrWeR0QA
- ..
- Timestamp Disclosure - Unix [10096] total: 1:
- X-Content-Type-Options Header Missing [10021] total: 11:
- http://localhost:8090
- http://localhost:8090/
- http://localhost:8090/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=Z_wcrI_74CPpGEznTeEexg7SU5lYBVj53SZZ2ZjvZ40
- http://localhost:8090/modules/$(VirtoCommerce.Core)/dist/style.css?v=JxV59GTG-OlnR0vCng7qmL0bUL_hI5YdQOSjYMpqEsw
- http://localhost:8090/modules/$(VirtoCommerce.Customer)/dist/style.css?v=VexL7D7TvPYyKPfzXG32PVA8ZNJt_Q4e5C9PZXQr3G8
- ..
- Base64 Disclosure [10094] total: 7:
- Information Disclosure - Suspicious Comments [10027] total: 12:
- http://localhost:8090
- http://localhost:8090/
- http://localhost:8090/dist/app.js?v=OZC9PC7AKStbYyWVfm3fMHmZ-YnOFNnaYQaMDkrCZdQ
- http://localhost:8090/modules/$(VirtoCommerce.Assets)/dist/app.js?v=ofhnrHdem1Z7XLNx-hWL3xUCPnnMgVy4B6WqnwVT7IE
- http://localhost:8090/modules/$(VirtoCommerce.Catalog)/dist/app.js?v=Npjy8JFZNp5HHd_FLofoIjwfA2tWqltXBOuve_gLpFo
- ..
- Modern Web Application [10109] total: 2:
- Storable and Cacheable Content [10049] total: 11:
- http://localhost:8090
- http://localhost:8090/
- http://localhost:8090/modules/$(VirtoCommerce.Catalog)/dist/style.css?v=Z_wcrI_74CPpGEznTeEexg7SU5lYBVj53SZZ2ZjvZ40
- http://localhost:8090/modules/$(VirtoCommerce.Core)/dist/style.css?v=JxV59GTG-OlnR0vCng7qmL0bUL_hI5YdQOSjYMpqEsw
- http://localhost:8090/modules/$(VirtoCommerce.Customer)/dist/style.css?v=VexL7D7TvPYyKPfzXG32PVA8ZNJt_Q4e5C9PZXQr3G8
- ..
- Absence of Anti-CSRF Tokens [10202] total: 4:
View the following link to download the report.
RunnerID:5241601228
github-actions commented
- Site: http://localhost:8090
New Alerts- Sec-Fetch-Dest Header is Missing [90005] total: 3:
- Sec-Fetch-Mode Header is Missing [90005] total: 3:
- Sec-Fetch-Site Header is Missing [90005] total: 3:
- Sec-Fetch-User Header is Missing [90005] total: 3:
View the following link to download the report.
RunnerID:5682272357
mvktsk commented
Task https://virtocommerce.atlassian.net/browse/VP-8422 has been created