
🚓 Integrate Wapiti as additional Web Application Security Scanner

Open rfelber opened this issue 4 years ago • 0 comments

🚓 New Scanner implementation request

Is your feature request related to a problem

As a secureCodeBox user I want to use the Wapiti web-application vulnerability scanner on a regular basis.

Describe the solution you'd like

Integrate Wapiti as new web-application vulnerability scanner.

Additional context

  • Wapiti
  • https://owasp.org/www-community/Automated_Audit_using_WAPITI
  • DefectDojo already has implemented a Wapiti parser: https://github.com/DefectDojo/django-DefectDojo/issues/1139

Steps to implement a new scanner

Hint: A general guide on how to implement a new SCB scanner is documented here.

  • [ ] Create a new folder with the name of the scanner here
  • [ ] Add a README.gotmpl and give a brief overview of the scanner and its configuration options.
  • [ ] Add a HelmChart and document all configuration options.
  • [ ] Implement a new scanner specific scan-type.yaml
  • [ ] Implement a new scanner specific parse-definition.yaml
  • [ ] Add (optional) some cascading-rules.yaml like documented here
  • [ ] Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on Docker Hub
  • [ ] Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
  • [ ] Add unit tests with at minimum 80% test coverage
  • [ ] Add some example scan.yaml and finding.yaml files in the example folder
  • [ ] Implement a new integration or E2E test for the hook here

rfelber · Mar 26 '21 07:03
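The checklist above asks for a NodeJS findings parser built on the parser-SDK plus unit tests. The following is an added example, not code from this issue or from the secureCodeBox project, showing what a Wapiti findings parser in that style could look like end to end. It assumes that the SDK calls an exported async `parse(fileContent)` with the raw result file and expects findings carrying `name`, `description`, `category`, `location`, `osi_layer`, `severity` and `attributes`; the report layout it reads (`infos.target`, `vulnerabilities` and `anomalies` keyed by category, entries with `method`, `path`, `info`, `level`, `parameter`) follows Wapiti's JSON report as understood here, and the embedded sample report is constructed for the example.

```javascript
// Added example: secureCodeBox-style findings parser for a Wapiti JSON report.
// Assumptions (not from the issue): the parser SDK calls the exported async
// `parse(fileContent)` and expects findings with name/description/category/
// location/osi_layer/severity/attributes. The Wapiti report layout used below
// (infos, vulnerabilities/anomalies keyed by category, entries with
// method/path/info/level/parameter) is an assumption; SAMPLE_REPORT is constructed.

// Wapiti reports a numeric `level`; map it onto secureCodeBox severity strings.
// Anything outside the known range is reported as INFORMATIONAL rather than dropped.
const SEVERITY_BY_LEVEL = { 1: "LOW", 2: "MEDIUM", 3: "HIGH" };

function severityFromLevel(level) {
  return SEVERITY_BY_LEVEL[level] || "INFORMATIONAL";
}

// Resolve the entry path against the scan target so `location` is a full URL.
// Falls back to the raw path when the target is missing or malformed.
function locationFor(target, entry) {
  try {
    return new URL(entry.path || "", target).toString();
  } catch (e) {
    return entry.path || target;
  }
}

// One Wapiti entry -> one secureCodeBox finding (the SDK adds the `id`).
function toFinding(category, entry, target) {
  return {
    name: category,
    description: entry.info || "",
    category: category,
    location: locationFor(target, entry),
    osi_layer: "APPLICATION",
    severity: severityFromLevel(entry.level),
    attributes: {
      method: entry.method || "",
      parameter: entry.parameter || "",
      http_request: entry.http_request || "",
    },
  };
}

// Synchronous core: raw JSON text -> array of findings. Kept separate from
// `parse` so unit tests can assert on it directly.
function parseReport(jsonText) {
  const report = JSON.parse(jsonText);
  const target = (report.infos && report.infos.target) || "";
  const findings = [];
  // Wapiti groups results by category; an empty array means the check found nothing.
  for (const section of ["vulnerabilities", "anomalies"]) {
    for (const [category, entries] of Object.entries(report[section] || {})) {
      for (const entry of entries) {
        findings.push(toFinding(category, entry, target));
      }
    }
  }
  return findings;
}

// Entry point in the shape the parser SDK is assumed to call.
async function parse(fileContent) {
  const text = typeof fileContent === "string" ? fileContent : JSON.stringify(fileContent);
  return parseReport(text);
}

// Constructed sample report, trimmed to the fields the parser uses.
const SAMPLE_REPORT = JSON.stringify({
  infos: { target: "http://example.test/", version: "Wapiti <version placeholder>" },
  vulnerabilities: {
    "SQL Injection": [
      { method: "GET", path: "/search.php", info: "SQL Injection via injection in the parameter q", level: 3, parameter: "q" },
    ],
    "Cross Site Scripting": [
      { method: "POST", path: "/comment", info: "XSS vulnerability found via injection in the parameter msg", level: 2, parameter: "msg" },
    ],
    "Backup file": [],
  },
  anomalies: {
    "Internal Server Error": [
      { method: "GET", path: "/admin", info: "The server responded with a 500 HTTP error code", level: 1, parameter: "" },
    ],
  },
});

// CommonJS export guarded so the file also loads where `module` is undefined.
if (typeof module !== "undefined" && module.exports) {
  module.exports = { parse, parseReport, severityFromLevel, SAMPLE_REPORT };
  if (typeof require !== "undefined" && require.main === module) {
    console.log(JSON.stringify(parseReport(SAMPLE_REPORT), null, 2));
  }
}
```

Running the file directly prints the three findings derived from the sample report; the empty "Backup file" category yields none. Splitting `parseReport` out of `parse` is what makes the 80% coverage item on the checklist cheap to reach: the unit tests feed JSON strings straight in and assert on the returned findings, with no SDK or filesystem involved.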