➹ New Feature implementation request
Is your feature request related to a problem?
https://www.securecodebox.io/docs/scanners/sslyze#examples
The documentation for the SSLyze scanner shows many examples using the --mozilla_config=intermediate parameter. But the reality is that the --mozilla_config parameter has no effect on the findings reported by the scanner. SSLyze performs the same scan regardless of the --mozilla_config parameter and validates the scan against the requested compliance level after the JSON output has been generated.
https://github.com/nabla-c0d3/sslyze/blob/release/sslyze/__main__.py#L89
https://github.com/search?q=repo%3Anabla-c0d3%2Fsslyze%20check_against_mozilla_config&type=code
The Mozilla compliance check result can only be read from the logs of the scanner pod, which is very inconvenient.
The SSLyze examples set the wrong expectation with the --mozilla_config parameter.
Describe the solution you'd like
I would like to have the scanner include Mozilla compliance validation in the findings.
Describe alternatives you've considered
Requesting the compliance level to be included in the SSLyze JSON output.
Because the scan does not change, it should even be possible to check if the target matches any compliance level and report that.
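Until the compliance result is part of the findings, the situation described in this issue (the result exists only in the scanner pod's log) can be worked around by parsing that log section. The following is an added example, not code from secureCodeBox or SSLyze; the log layout in SAMPLE_LOG is constructed and assumed to match what SSLyze prints to the console, and the finding field names are illustrative.

```python
import re

# Constructed sample of the compliance section of a scanner pod log (assumed layout).
SAMPLE_LOG = """\
 COMPLIANCE AGAINST MOZILLA TLS CONFIGURATION
 --------------------------------------------

    Checking results against Mozilla's "intermediate" configuration. See https://ssl-config.mozilla.org/ for more details.

    good.example.com:443: OK - Compliant.

    legacy.example.com:443: FAILED - Not compliant.
        * tls_versions: TLS versions {'TLSv1', 'TLSv1.1'} are supported, but should be rejected.
        * ciphers: Cipher suites {'TLS_RSA_WITH_3DES_EDE_CBC_SHA'} are supported, but should be rejected.
"""

LEVEL_RE = re.compile(r'''against Mozilla's "(\w+)" configuration''')
SERVER_RE = re.compile(r"^\s+(\S+:\d+): (OK - Compliant|FAILED - Not compliant)\.\s*$")
ISSUE_RE = re.compile(r"^\s+\* ([\w.-]+): (.+)$")


def parse_compliance(log_text):
    """Return (level, {server: {"compliant": bool, "issues": {criterion: text}}})."""
    level, servers, current = None, {}, None
    for line in log_text.splitlines():
        if m := LEVEL_RE.search(line):
            level = m.group(1)
        elif m := SERVER_RE.match(line):
            current = {"compliant": m.group(2).startswith("OK"), "issues": {}}
            servers[m.group(1)] = current
        elif current is not None and (m := ISSUE_RE.match(line)):
            current["issues"][m.group(1)] = m.group(2)
    return level, servers


def to_findings(level, servers):
    """One finding per failed criterion; a failure without detail lines still yields one."""
    findings = []
    for server, result in servers.items():
        # Never drop a FAILED verdict just because its bullet lines did not parse.
        issues = result["issues"] or ({} if result["compliant"] else {"unspecified": "no detail lines in log"})
        for criterion, text in issues.items():
            findings.append({
                "name": f"Not compliant with Mozilla '{level}' TLS configuration: {criterion}",
                "category": "Mozilla TLS Compliance",
                "location": server,
                "description": text,
            })
    return findings
```

Parsing console output is brittle across SSLyze versions, which is why the issue asks for the result in the findings or the JSON output instead.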