OWASP ZAP API Scan Results

[github-actions]

• Site: https://alcs-dev-api.apps.silver.devops.gov.bc.ca
  New Alerts
  • CSP: Wildcard Directive [10055] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • CSP: script-src unsafe-inline [10055] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • CSP: style-src unsafe-inline [10055] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • A Server Error response code was returned by the server [100000] total: 7:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/computeMetadata/v1/
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/latest/meta-data/
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/metadata/instance
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/metadata/v1
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/opc/v1/instance/
    • ..
  • Cookie with SameSite Attribute None [10054] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Cross-Origin-Embedder-Policy Header Missing or Invalid [90004] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Permissions Policy Header Not Set [10063] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Unexpected Content-Type was returned [100001] total: 9:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/computeMetadata/v1/
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs/
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/latest/meta-data/
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/metadata/instance
    • ..
  • A Client Error response code was returned by the server [100000] total: 2:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/3633050303285866187
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/actuator/health
  • Modern Web Application [10109] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Re-examine Cache-control Directives [10015] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Session Management Response Identified [10112] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs
  • Storable and Cacheable Content [10049] total: 1:
    • https://alcs-dev-api.apps.silver.devops.gov.bc.ca/docs

View the following link to download the report.
RunnerID:22811442271

---

ZAP by Checkmarx