
GitHub Actions - Go App ZAP Scan

This repository includes a CI/CD pipeline for Dynamic Application Security Testing (DAST) using OWASP ZAP.

Detected Vulnerabilities (via ZAP) & Fixes

1. X-Content-Type-Options Header Missing [10021]

Risk: Without this header, browsers may try to MIME-sniff responses and interpret them as executable content, increasing the risk of XSS attacks.

Fix: Added the following header in the Go app middleware:

c.Writer.Header().Set("X-Content-Type-Options", "nosniff")

2. Insufficient Site Isolation Against Spectre Vulnerability [90004]

Risk: Lack of proper isolation headers may leave your app open to speculative execution attacks (e.g., Spectre), especially in multi-origin contexts.

Fix: Set the following header to limit cross-origin access to resources:

c.Writer.Header().Set("Cross-Origin-Resource-Policy", "same-origin")
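As an added example (not the repository's own code), both fixes as one middleware plus a check that reports which of the two headers a handler's response is missing, i.e. the same two conditions ZAP rules 10021 and 90004 flag. It uses net/http rather than Gin so it runs with the standard library alone; Gin's c.Writer.Header() returns the same http.Header, so the Set calls are identical. The hello handler is a constructed stand-in for the app's routes.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sort"
)

// The two headers ZAP flagged (rules 10021 and 90004) and the values the fixes set.
var requiredHeaders = map[string]string{
	"X-Content-Type-Options":       "nosniff",
	"Cross-Origin-Resource-Policy": "same-origin",
}

// SecurityHeaders wraps a handler so every response carries both headers. They are
// set before next runs: headers added after the status line is written are dropped.
func SecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name, value := range requiredHeaders {
			w.Header().Set(name, value)
		}
		next.ServeHTTP(w, r)
	})
}

// MissingSecurityHeaders sends a GET for path through h and returns, sorted, the
// required headers that are absent or carry the wrong value (empty = both rules pass).
func MissingSecurityHeaders(h http.Handler, path string) []string {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	var missing []string
	for name, want := range requiredHeaders {
		if rec.Header().Get(name) != want {
			missing = append(missing, name)
		}
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed stand-in for the app's routes (hypothetical handler).
	hello := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello")
	})
	fmt.Println("unwrapped:", MissingSecurityHeaders(hello, "/"))
	fmt.Println("wrapped:  ", MissingSecurityHeaders(SecurityHeaders(hello), "/"))
}
```

Running it prints both header names for the unwrapped handler and an empty list for the wrapped one; the same check dropped into a Go test catches a regression before the ZAP job in CI does.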
