vc-platform ZAP Scan Baseline Report

ZAP Scan Baseline Report

Open vc-ci opened this issue 6 months ago • 9 comments

Site: https://vcptcore-dev.govirto.com New Alerts
- CSP: Wildcard Directive [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- CSP: script-src unsafe-inline [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- CSP: style-src unsafe-inline [10055] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Sub Resource Integrity Attribute Missing [90003] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Cross-Domain JavaScript Source File Inclusion [10017] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Dangerous JS Functions [10110] total: 4:
- Permissions Policy Header Not Set [10063] total: 11:
- Timestamp Disclosure - Unix [10096] total: 1:
  - https://vcptcore-dev.govirto.com/modules/$(VirtoCommerce.Notifications)/dist/app.js?v=Gx54drFiY-ENv-Be4qH5jfR-YiymsQdgVlCIOfmDKjM
- Base64 Disclosure [10094] total: 12:
- Information Disclosure - Suspicious Comments [10027] total: 11:
- Modern Web Application [10109] total: 2:
  - https://vcptcore-dev.govirto.com
  - https://vcptcore-dev.govirto.com/
- Re-examine Cache-control Directives [10015] total: 3:
- Sec-Fetch-Dest Header is Missing [90005] total: 3:
- Sec-Fetch-Mode Header is Missing [90005] total: 3:
- Sec-Fetch-Site Header is Missing [90005] total: 3:
- Sec-Fetch-User Header is Missing [90005] total: 3:
- Storable and Cacheable Content [10049] total: 11:

View the following link to download the report. RunnerID:10285515353

ZAP is supported by the Crash Override Open Source Fellowship

Aug 07 '24 13:08 vc-ci

vc-platform vc-platform copied to clipboard

ZAP Scan Baseline Report

vc-platform
vc-platform copied to clipboard