ZAP Scan Baseline Report

[github-actions]

• Site: https://dev-ride.apps.gold.devops.gov.bc.ca
  New Alerts
  • Content Security Policy (CSP) Header Not Set [10038] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list?ordering=-id&page=1&size=10
    • ..
  • Cookie No HttpOnly Flag [10010] total: 2:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
  • Cookie with SameSite Attribute None [10054] total: 2:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/robots.txt
  • Insufficient Site Isolation Against Spectre Vulnerability [90004] total: 10:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/css/print.css
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/js/toolbar.js
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/events.css
    • ..
  • Permissions Policy Header Not Set [10063] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list?ordering=-id&page=1&size=10
    • ..
  • Strict-Transport-Security Header Not Set [10035] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/profile/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/robots.txt
    • https://dev-ride.apps.gold.devops.gov.bc.ca/sitemap.xml
    • ..
  • Timestamp Disclosure - Unix [10096] total: 1:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/ol-10.4.0.js
  • X-Content-Type-Options Header Missing [10021] total: 10:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/css/print.css
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/css/toolbar.css
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/js/toolbar.js
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/events.css
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/ol-10.4.0.css
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 4:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/debug_toolbar/js/toolbar.js
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/ol-10.4.0.js
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/olms.js
    • https://dev-ride.apps.gold.devops.gov.bc.ca/static/events/widget.js
  • Modern Web Application [10109] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list?ordering=-id&page=1&size=10
    • ..
  • Re-examine Cache-control Directives [10015] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/list?ordering=-id&page=1&size=10
    • ..
  • Session Management Response Identified [10112] total: 4:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/robots.txt
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/robots.txt
  • Storable and Cacheable Content [10049] total: 11:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/profile/
    • https://dev-ride.apps.gold.devops.gov.bc.ca/robots.txt
    • https://dev-ride.apps.gold.devops.gov.bc.ca/sitemap.xml
    • ..
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 6:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • https://dev-ride.apps.gold.devops.gov.bc.ca/events/create
    • ..

View the following link to download the report.
RunnerID:13687960151

---

ZAP by Checkmarx

[github-actions]

• Site: https://dev-ride.apps.gold.devops.gov.bc.ca
  New Alerts

  • Cookie Without Secure Flag [10011] total: 1:
    • https://dev-ride.apps.gold.devops.gov.bc.ca/accounts/oidc/idir/login/?auth_params=kc_idp_hint=azureidir&next&process=login

  Resolved Alerts

  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 6:

View the following link to download the report.
RunnerID:14554708162

[github-actions]

• Site: https://dev-ride.apps.gold.devops.gov.bc.ca
  Resolved Alerts
  • Timestamp Disclosure - Unix [10096] total: 1:

View the following link to download the report.
RunnerID:15090996129