Commit 3ad37425 authored by Ezekiel Kigbo

Merge branch 'djadmin-enable-dast-configuration-ui' into 'master'

Documentation and Enable DAST Configuration UI feature flag

See merge request gitlab-org/gitlab!63849
parents bdc760e4 59e78b34
...@@ -27,13 +27,14 @@ A job is defined as a list of keywords that define the job's behavior. ...@@ -27,13 +27,14 @@ A job is defined as a list of keywords that define the job's behavior.
The keywords available for jobs are: The keywords available for jobs are:
| Keyword | Description | | Keyword | Description |
| :-----------------------------------|:------------| | :-------------------------------------------|:------------|
| [`after_script`](#after_script) | Override a set of commands that are executed after job. | | [`after_script`](#after_script) | Override a set of commands that are executed after job. |
| [`allow_failure`](#allow_failure) | Allow job to fail. A failed job does not cause the pipeline to fail. | | [`allow_failure`](#allow_failure) | Allow job to fail. A failed job does not cause the pipeline to fail. |
| [`artifacts`](#artifacts) | List of files and directories to attach to a job on success. | | [`artifacts`](#artifacts) | List of files and directories to attach to a job on success. |
| [`before_script`](#before_script) | Override a set of commands that are executed before job. | | [`before_script`](#before_script) | Override a set of commands that are executed before job. |
| [`cache`](#cache) | List of files that should be cached between subsequent runs. | | [`cache`](#cache) | List of files that should be cached between subsequent runs. |
| [`coverage`](#coverage) | Code coverage settings for a given job. | | [`coverage`](#coverage) | Code coverage settings for a given job. |
| [`dast_configuration`](#dast_configuration) | Use configuration from DAST profiles on a job level. |
| [`dependencies`](#dependencies) | Restrict which artifacts are passed to a specific job by providing a list of jobs to fetch artifacts from. | | [`dependencies`](#dependencies) | Restrict which artifacts are passed to a specific job by providing a list of jobs to fetch artifacts from. |
| [`environment`](#environment) | Name of an environment to which the job deploys. | | [`environment`](#environment) | Name of an environment to which the job deploys. |
| [`except`](#only--except) | Control when jobs are not created. | | [`except`](#only--except) | Control when jobs are not created. |
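Review bot: the description for the new `dast_configuration` row ("Use configuration from DAST profiles on a job level.") reads awkwardly next to the other rows; suggest "Use configuration from DAST profiles at the job level." Since the section this row links to is marked **(ULTIMATE)** in the second hunk while nothing in the row signals the tier, consider stating the tier here too if the table's other tier-restricted keywords do so, so a reader scanning the table does not plan a pipeline around a keyword their tier does not have.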
...@@ -4502,6 +4503,50 @@ You can use [CI/CD variables](../variables/index.md) to configure how the runner ...@@ -4502,6 +4503,50 @@ You can use [CI/CD variables](../variables/index.md) to configure how the runner
You can also use variables to configure how many times a runner You can also use variables to configure how many times a runner
[attempts certain stages of job execution](../runners/configure_runners.md#job-stages-attempts). [attempts certain stages of job execution](../runners/configure_runners.md#job-stages-attempts).
## `dast_configuration` **(ULTIMATE)**
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5981) in GitLab 14.1.
Use the `dast_configuration` keyword to specify a site profile and scanner profile to be used in a
CI/CD configuration. Both profiles must first have been created in the project. The job's stage must
be `dast`.
**Keyword type**: Job keyword. You can use only as part of a job.
**Possible inputs**: One each of `site_profile` and `scanner_profile`.
- Use `site_profile` to specify the site profile to be used in the job.
- Use `scanner_profile` to specify the scanner profile to be used in the job.
**Example of `dast_configuration`**:
```yaml
stages:
- build
- dast
include:
- template: DAST.gitlab-ci.yml
dast:
dast_configuration:
site_profile: "Example Co"
scanner_profile: "Quick Passive Test"
```
In this example, the `dast` job extends the `dast` configuration added with the `include:` keyword
to select a specific site profile and scanner profile.
**Additional details**:
- Settings contained in either a site profile or scanner profile take precedence over those
contained in the DAST template.
**Related topics**:
- [Site profile](../../user/application_security/dast/index.md#site-profile).
- [Scanner profile](../../user/application_security/dast/index.md#scanner-profile).
## YAML-specific features ## YAML-specific features
In your `.gitlab-ci.yml` file, you can use YAML-specific features like anchors (`&`), aliases (`*`), In your `.gitlab-ci.yml` file, you can use YAML-specific features like anchors (`&`), aliases (`*`),
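Review bot: the sentence "the `dast` job extends the `dast` configuration added with the `include:` keyword" invites confusion with the `extends:` keyword; the example does not use `extends:`, it declares a job with the same name as the template's `dast` job so its keys are merged into that job. Suggest "In this example, the `dast` job adds `dast_configuration` to the `dast` job defined in the included template". Two behaviours a reader needs are also undocumented: what happens when a named `site_profile` or `scanner_profile` does not exist in the project (does the job fail, or run with template defaults?), and the fact that profiles are referenced by display name, so renaming a profile silently changes which target and scanner settings the job uses.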
...@@ -145,6 +145,7 @@ To enable DAST to run automatically, either: ...@@ -145,6 +145,7 @@ To enable DAST to run automatically, either:
by [Auto DevOps](../../../topics/autodevops/index.md)). by [Auto DevOps](../../../topics/autodevops/index.md)).
- [Include the DAST template](#include-the-dast-template) in your existing - [Include the DAST template](#include-the-dast-template) in your existing
`.gitlab-ci.yml` file. `.gitlab-ci.yml` file.
- [Configure DAST using the UI](#configure-dast-using-the-ui).
### DAST job order ### DAST job order
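Review bot: the introductory "To enable DAST to run automatically, either:" now heads a list of three options, so "either" no longer fits; suggest "do one of the following:". The new bullet also links to a `####` heading introduced in the next hunk, which sits one level below the "Include the DAST template" section it is listed beside here; keep the heading levels consistent with how the list presents the options.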
...@@ -265,6 +266,28 @@ image. Using the `DAST_VERSION` variable, you can choose how DAST updates: ...@@ -265,6 +266,28 @@ image. Using the `DAST_VERSION` variable, you can choose how DAST updates:
Find the latest DAST versions on the [Releases](https://gitlab.com/security-products/dast/-/releases) Find the latest DAST versions on the [Releases](https://gitlab.com/security-products/dast/-/releases)
page. page.
#### Configure DAST using the UI
You can enable or configure DAST settings using the UI. The generated settings are formatted so they
can be conveniently pasted into the `.gitlab-ci.yml` file.
1. From the project's home page, go to **Security & Compliance > Configuration**.
1. In the **Dynamic Application Security Testing (DAST)** section, select **Enable DAST** or
**Configure DAST**.
1. Select the desired **Scanner profile**, or select **Create scanner profile** and save a
scanner profile. For more details, see [scanner profiles](#scanner-profile).
1. Select the desired **Site profile**, or select **Create site profile** and save a site
profile. For more details, see [site profiles](#site-profile).
1. Select **Generate code snippet**. A modal opens with the YAML snippet corresponding to the
options you selected.
1. Do one of the following:
1. Select **Copy code only** to copy the snippet to your clipboard.
1. Select **Copy code and open `.gitlab-ci.yml` file** to copy the snippet to your clipboard. The
CI/CD Editor then opens.
1. Paste the snippet into the `.gitlab-ci.yml` file.
1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
1. Select **Commit changes**.
#### Crawling web applications dependent on JavaScript #### Crawling web applications dependent on JavaScript
GitLab has released a new browser-based crawler, an add-on to DAST that uses a browser to crawl web applications for content. This crawler replaces the standard DAST Spider and Ajax Crawler, and uses the same authentication mechanisms as a normal DAST scan. GitLab has released a new browser-based crawler, an add-on to DAST that uses a browser to crawl web applications for content. This crawler replaces the standard DAST Spider and Ajax Crawler, and uses the same authentication mechanisms as a normal DAST scan.
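Review bot: the new "Configure DAST using the UI" section has no version or availability note, while the `dast_configuration` keyword it generates carries "> [Introduced] ... in GitLab 14.1" in the other file; add the same note here, and since this MR flips `dast_configuration_ui` to `default_enabled: true`, state the feature flag so self-managed administrators know what controls the **Enable DAST** / **Configure DAST** buttons. The heading is `####` but the section is referenced as a peer of "Include the DAST template"; promoting it to `###` would match that. Minor: the procedure is a generate-then-paste flow, so the final steps (**Lint**, **Commit changes**) are the point where the selected site profile becomes the scan target in CI; it is worth a sentence that the snippet should be reviewed before commit.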
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
name: dast_configuration_ui name: dast_configuration_ui
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330728 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330728
milestone: '14.0' milestone: '14.1'
type: development type: development
group: group::dynamic analysis group: group::dynamic analysis
default_enabled: false default_enabled: true
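Review bot: the `milestone` change from `'14.0'` to `'14.1'` looks wrong for this field: `introduced_by_url` still points at merge request 62014, which predates this MR (63849), so the flag was introduced in the earlier milestone and only its default changes here. Keep `milestone: '14.0'` and record the enablement in the rollout issue (330728) instead; `default_enabled: true` on its own is the intended change.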