Add DAST to Auto DevOps docs

doc/topics/autodevops/index.md

@@ -21,6 +21,7 @@ project in an easy and automatic way:
 1. [Auto Code Quality](#auto-code-quality)
 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
 1. [Auto SAST for Docker images](#auto-sast-for-docker-images)
+1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
 1. [Auto Browser Performance Testing](#auto-browser-performance-testing)
 1. [Auto Review Apps](#auto-review-apps)
 1. [Auto Deploy](#auto-deploy)
@@ -194,8 +195,10 @@ Auto Code Quality uses the open source
 [`codeclimate` image](https://hub.docker.com/r/codeclimate/codeclimate/) to run
 static analysis and other code checks on the current code. The report is
 created, and is uploaded as an artifact which you can later download and check
-out. In GitLab Enterprise Edition Starter, differences between the source and
-target branches are
+out.
+
+In GitLab Enterprise Edition Starter, differences between the source and
+target branches are also
 [shown in the merge request widget](../../user/project/merge_requests/code_quality_diff.md).
 
 ### Auto SAST
@@ -208,7 +211,8 @@ analysis on the current code and checks for potential security issues. Once the
 report is created, it's uploaded as an artifact which you can later download and
 check out.
 
-Any security warnings are also [shown in the merge request widget](../../user/project/merge_requests/sast.md).
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](../../user/project/merge_requests/sast.md).
 
 ### Auto SAST for Docker images
 
@@ -223,6 +227,19 @@ check out.
 In GitLab Enterprise Edition Ultimate, any security warnings are also
 [shown in the merge request widget](../../user/project/merge_requests/sast_docker.md).
 
+### Auto DAST
+
+> Introduced in [GitLab Enterprise Edition Ultimate][ee] 10.4.
+
+Dynamic Application Security Testing (DAST) uses the
+popular open source tool [OWASP ZAProxy](https://github.com/zaproxy/zaproxy)
+to perform an analysis on the current code and checks for potential security
+issues. Once the report is created, it's uploaded as an artifact which you can
+later download and check out.
+
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](../../user/project/merge_requests/dast.md).
+
 ### Auto Browser Performance Testing
 
 > Introduced in [GitLab Enterprise Edition Premium][ee] 10.4.

doc/user/project/merge_requests/dast.md

@@ -11,25 +11,26 @@ by implicitly using [Auto DAST](../../../topics/autodevops/index.md#auto-dast)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 
 Going a step further, GitLab can show the vulnerability list right in the merge
-request widget area:
+request widget area.
 
 ![DAST Widget](img/dast-all.png)
 
-By clicking on vlunerability you will be able to see details and url affected:
+By clicking on vulnerability you will be able to see the details and the URL(s)
+affected.
 
 ![DAST Widget Clicked](img/dast-single.png)
 
 ## Use cases
 
 It helps you automatically find security vulnerabilities in your web applications
-while you are developing and testing your applications
+while you are developing and testing your applications.
 
 ## How it works
 
 In order for the report to show in the merge request, you need to specify a
-`dast` job (exact name) that will analyze the running application and upload the resulting
-`gl-dast-report.json` file as an artifact. GitLab will then check this file and
-show the information inside the merge request.
+`dast` job (exact name) that will analyze the running application and upload the
+resulting `gl-dast-report.json` file (exact filename) as an artifact. GitLab
+will then check this file and show the information inside the merge request.
 
 This JSON file needs to be the only artifact file for the job. If you try
 to also include other files, it will break the vulnerability display in the