18F / concourse-compliance-testing

Concourse CI assets for Compliance Toolkit
https://compliance-viewer.18f.gov/

Adding support for scanning multiple urls per target. #36

Closed DavidEBest closed 8 years ago

DavidEBest commented 8 years ago

This adds support for scanning multiple urls per target. The data is combined into a single report file. You can see an example of the output for this here:

https://compliance-viewer.18f.gov/results/openopps/_e0pCNT4oieDVlnNlZFidzovfPnJC1Sk

It functions by looping over the links array and running zap against each url that is discovered. The output for these scans is put in a temporary file. Once all the scans are completed, jq is used to merge the arrays and move them to the results directory.
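
The loop-and-merge flow described in the comment above, as an added example that is not part of the original PR or the project's code. `scan_url` is a hypothetical stand-in for the ZAP run with constructed sample output, and the `target_url` field and the skip-on-failure handling are assumptions of this example.

```sh
#!/bin/sh
# scan_url is a hypothetical stand-in for the real ZAP run, which the PR text
# does not show. It prints constructed sample alerts as a JSON array.
scan_url() {
  case "$1" in
    https://www.example.com)
      echo '[{"alert":"X-Frame-Options Header Not Set","risk":"Medium"},
             {"alert":"Cookie Without Secure Flag","risk":"Low"}]' ;;
    https://staging.example.com)
      echo '[{"alert":"X-Frame-Options Header Not Set","risk":"Medium"}]' ;;
    *) return 1 ;;  # any other URL simulates a scan that failed
  esac
}

# Usage: scan_target RESULT_FILE URL...
scan_target() {
  result=$1; shift
  tmpdir=$(mktemp -d) || return 1
  i=0
  for url in "$@"; do
    i=$((i + 1))
    out="$tmpdir/$i.json"
    # An empty or non-array file would corrupt the merged report, so a failed
    # scan is reported on stderr and left out instead of being merged.
    if ! scan_url "$url" > "$out" ||
       ! jq -e 'type == "array"' "$out" > /dev/null 2>&1; then
      echo "scan failed, skipping: $url" >&2
      rm -f "$out"
      continue
    fi
    # Assumption: tag each alert with the URL it came from (hypothetical
    # target_url field) so findings stay attributable after the merge.
    jq --arg u "$url" 'map(. + {target_url: $u})' "$out" > "$out.tmp" &&
      mv "$out.tmp" "$out"
  done
  # -s slurps the per-URL arrays into one array of arrays; add concatenates.
  set -- "$tmpdir"/*.json
  if [ -e "$1" ]; then
    jq -s 'add' "$@" > "$tmpdir/merged"
  else
    echo '[]' > "$tmpdir/merged"  # every scan failed: still emit valid JSON
  fi
  mv "$tmpdir/merged" "$result"
  rm -rf "$tmpdir"
}
```
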

DavidEBest commented 8 years ago

Not sure if this is the correct approach, but I wouldn't mind some feedback.

afeld commented 8 years ago

Hmm, I suspect that most warnings will appear on both production and staging for a given site, so can't decide if it would make more sense to show them both in the same report, or as separate reports. Happy to go with this for now and maybe revisit the question later.

Mind fixing the Code Climate warnings? Aside from that, :shipit:

DavidEBest commented 8 years ago

Shellcheck is great. Now I just need to remember to run it before issuing a PR. :)

I went back and forth on combining vs. pulling them into separate sections. Figured this doesn't require any changes to CV to get 'em up and running, and it'd be pretty easy to switch the method if this isn't what the users want.