Commit 1cebacc2 authored by Russell Dickenson, committed by Marcel Amirault

Document new DAST on-demand option to select branch

parent cb20b848
...@@ -798,8 +798,8 @@ Alternatively, you can use the CI/CD variable `SECURE_ANALYZERS_PREFIX` to overr ...@@ -798,8 +798,8 @@ Alternatively, you can use the CI/CD variable `SECURE_ANALYZERS_PREFIX` to overr
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.2. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.2.
> - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.3. > - [Improved](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.3.
> - The saved scans feature was [added](https://gitlab.com/groups/gitlab-org/-/epics/5100) in > - The saved scans feature was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/5100) in GitLab 13.9.
> GitLab 13.9. > - The option to select a branch was [introduced](https://gitlab.com/groups/gitlab-org/-/epics/4847) in GitLab 13.10.
An on-demand DAST scan runs outside the DevOps life cycle. Changes in your repository don't trigger An on-demand DAST scan runs outside the DevOps life cycle. Changes in your repository don't trigger
the scan. You must start it manually. the scan. You must start it manually.
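Review bot: The new version-history bullet for branch selection does not say that the option is behind a feature flag, although the paragraph added further down in this commit says it is deployed behind one. Consider noting that in the bullet itself, so a reader who checks only the history block knows an administrator may have turned the option off on their instance.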
...@@ -811,6 +811,11 @@ An on-demand DAST scan: ...@@ -811,6 +811,11 @@ An on-demand DAST scan:
- Is associated with your project's default branch. - Is associated with your project's default branch.
- Is saved on creation so it can be run later. - Is saved on creation so it can be run later.
In GitLab 13.10 and later, you can select to run an on-demand scan against a specific branch. This
feature is [deployed behind a feature flag](../../feature_flags.md), enabled by default. It's
enabled on GitLab.com and recommended for production use. [GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can opt to disable it with `Feature.disable(:dast_branch_selection)`.
### On-demand scan modes ### On-demand scan modes
An on-demand scan can be run in active or passive mode: An on-demand scan can be run in active or passive mode:
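Review bot: The unchanged bullet just above the new paragraph still reads "Is associated with your project's default branch", which now conflicts with the added sentence saying a scan can run against a specific branch. Suggest qualifying that bullet (for example, that the default branch applies in versions before 13.10 or when `dast_branch_selection` is disabled) so the list and the paragraph agree. Minor: "you can select to run" reads more cleanly as "you can choose to run", and the third added line is not wrapped like the others.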
...@@ -843,6 +848,7 @@ To run an on-demand scan, either: ...@@ -843,6 +848,7 @@ To run an on-demand scan, either:
1. From your project's home page, go to **Security & Compliance > On-demand Scans** in the left 1. From your project's home page, go to **Security & Compliance > On-demand Scans** in the left
sidebar. sidebar.
1. Complete the **Scan name** and **Description** fields. 1. Complete the **Scan name** and **Description** fields.
1. In GitLab 13.10 and later, select the desired branch from the **Branch** dropdown.
1. In **Scanner profile**, select a scanner profile from the dropdown. 1. In **Scanner profile**, select a scanner profile from the dropdown.
1. In **Site profile**, select a site profile from the dropdown. 1. In **Site profile**, select a site profile from the dropdown.
1. To run the on-demand scan now, select **Save and run scan**. Otherwise select **Save scan** to 1. To run the on-demand scan now, select **Save and run scan**. Otherwise select **Save scan** to
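Review bot: The added step "select the desired branch from the **Branch** dropdown" does not say which branch is used when the user leaves the dropdown unchanged, or that the step applies only while the feature flag described earlier is enabled. Because the step is gated on version only, a reader on 13.10 with the flag disabled will look for a field the page tells them to complete. Suggest stating the default selection and mentioning the flag dependency in the step.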
...@@ -877,6 +883,9 @@ To run a saved on-demand scan: ...@@ -877,6 +883,9 @@ To run a saved on-demand scan:
1. Select the **Saved Scans** tab. 1. Select the **Saved Scans** tab.
1. In the scan's row select **Run scan**. 1. In the scan's row select **Run scan**.
If the branch saved in the scan no longer exists, you must first
[edit the scan](#edit-an-on-demand-scan), select a new branch, and save the edited scan.
The on-demand DAST scan runs and the project's dashboard shows the results. The on-demand DAST scan runs and the project's dashboard shows the results.
### Edit an on-demand scan ### Edit an on-demand scan
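Review bot: The added paragraph about a saved branch that no longer exists sits after the numbered steps, so a reader following them in order reaches "Run scan" before learning about the prerequisite. Suggest moving it ahead of the steps, or keeping it here and saying what the user sees when they try to run a scan whose branch was deleted. As placed, it also separates the last step from the sentence "The on-demand DAST scan runs and the project's dashboard shows the results", which describes the outcome of that step.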
......