[security] checkout ZAP as a security framework to test oVirt

Description

there is no security testing ovirt web interface.
we probably have a lot of easily fixable problems.
I've just discovered about ZAP

plan is:

  • make poc with basic tests as jenkins job [to be yaml|has]

  • decide whether we want to progress and customize or hand it for that to QE's.

  • let's not forget that the problem here is not something that can be completely solved with automation
    - it's a holistic problem we need to always be aware of...

Assignee

Eyal Edri

Reporter

Eyal Edri

Blocked By

None

Components

Priority

Configure