sslyze scanner: Add mozilla compliance check to the findings #2099
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
➹ New Feature implementation request
Is your feature request related to a problem?
https://www.securecodebox.io/docs/scanners/sslyze#examples
The documentation for the SSLyze scanner shows many examples using the
--mozilla_config=intermediateparameter. But the reality is that the--mozilla_configparameter has no effect on the findings reported by the scanner. SSLyze performs the same scan regardless of the--mozilla_configparameter and validates the scan against the requested compliance level after the json output has been generated.https://github.com/nabla-c0d3/sslyze/blob/release/sslyze/__main__.py#L89
https://github.com/search?q=repo%3Anabla-c0d3%2Fsslyze%20check_against_mozilla_config&type=code
The mozilla compliance check result can only be read from the logs of the scanner pod which is very inconvenient.
The SSLyze examples set the wrong expectation with the
--mozilla_configparameter.Describe the solution you'd like
I would like to have the scanner include mozilla compliance validation in the findings.
Describe alternatives you've considered
Requesting the compliance level to be included in the SSLyze json output.
Because the scan does not change it should even be possible to check if the target matches any compliance level and report that.
The text was updated successfully, but these errors were encountered: