Security test build has failed because the X-Frame-Options was not set in the response headers and this was detected by the ZAP Proxy. This rule is set as “FAIL” in the gen.conf file for ZAP tool.
To verify this, go to “Report Dashboard” –> Go “Experience Assurance” section and Click on the “Rule Report” link under the “Security Test” section. (This will open the security_test_output.txt in browser).
If you scroll down to the bottom of the file, you will notice the failure (as shown in the image below)
For now, consider this as a “False Positive” and let us fix these issues.
Change the rule for X-Frame-Options Header Scanner from FAIL to WARN, so that the security test will pass with the warning and the code progresses to the next build step.
Go to “AWS CodeCommit’ –> Open the “awswrkshp-tests-security” repository. Locate and open the “gen.conf” file. This will have the set of passive security scan rules to be validated.
Click on “Edit”.
Change the rule for X-Frame-Options Header Scanner from FAIL to WARN. Refer the screenshot as shown below for details:
Scroll down to the bottom of the page and provide the required details like author name, email address and commit message (change description) and click ‘commit changes’.
The Commit Change to the gen.conf file will trigger the pipeline automatically and this time security testing build will be executed without any errors.
The ‘succeeded’ status is now updated for each stage, as shown below: