Commit 404a8dd4 authored by Avielle Wolfe, committed by Russell Dickenson

Use DAST_API_OPENAPI in DAST docs

parent 26e326e9
...@@ -471,7 +471,7 @@ include: ...@@ -471,7 +471,7 @@ include:
- template: DAST.gitlab-ci.yml - template: DAST.gitlab-ci.yml
variables: variables:
DAST_API_SPECIFICATION: http://my.api/api-specification.yml DAST_API_OPENAPI: http://my.api/api-specification.yml
``` ```
#### Import API specification from a file #### Import API specification from a file
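Review bot: The sample value on the `DAST_API_OPENAPI: http://my.api/api-specification.yml` line fetches the specification over plain `http://`. Because the imported specification decides what the API scan covers, consider using an `https://` URL in the example while this line is being changed, so the documented pattern is the one readers should copy.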
...@@ -486,7 +486,7 @@ dast: ...@@ -486,7 +486,7 @@ dast:
- cp api-specification.yml /zap/wrk/api-specification.yml - cp api-specification.yml /zap/wrk/api-specification.yml
variables: variables:
GIT_STRATEGY: fetch GIT_STRATEGY: fetch
DAST_API_SPECIFICATION: api-specification.yml DAST_API_OPENAPI: api-specification.yml
``` ```
#### Full API scan #### Full API scan
...@@ -522,7 +522,7 @@ include: ...@@ -522,7 +522,7 @@ include:
- template: DAST.gitlab-ci.yml - template: DAST.gitlab-ci.yml
variables: variables:
DAST_API_SPECIFICATION: http://api-test.host.com/api-specification.yml DAST_API_OPENAPI: http://api-test.host.com/api-specification.yml
DAST_API_HOST_OVERRIDE: api-test.host.com DAST_API_HOST_OVERRIDE: api-test.host.com
``` ```
...@@ -537,7 +537,7 @@ include: ...@@ -537,7 +537,7 @@ include:
- template: DAST.gitlab-ci.yml - template: DAST.gitlab-ci.yml
variables: variables:
DAST_API_SPECIFICATION: http://api-test.api.com/api-specification.yml DAST_API_OPENAPI: http://api-test.api.com/api-specification.yml
DAST_REQUEST_HEADERS: "Authorization: Bearer my.token" DAST_REQUEST_HEADERS: "Authorization: Bearer my.token"
``` ```
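Review bot: On the `DAST_REQUEST_HEADERS: "Authorization: Bearer my.token"` line just below the renamed variable, the example places a bearer token literally in the CI file, and readers tend to copy these snippets as written. While this example is being touched, consider showing the header value taken from a masked CI/CD variable instead of an inline token, so the documented pattern does not lead to credentials committed to the repository.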
...@@ -673,8 +673,9 @@ DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables. ...@@ -673,8 +673,9 @@ DAST can be [configured](#customizing-the-dast-settings) using CI/CD variables.
| CI/CD variable | Type | Description | | CI/CD variable | Type | Description |
|------------------------------| --------|-------------| |------------------------------| --------|-------------|
| `SECURE_ANALYZERS_PREFIX` | URL | Set the Docker registry base address from which to download the analyzer. | | `SECURE_ANALYZERS_PREFIX` | URL | Set the Docker registry base address from which to download the analyzer. |
| `DAST_WEBSITE` | URL | The URL of the website to scan. `DAST_API_SPECIFICATION` must be specified if this is omitted. | | `DAST_WEBSITE` | URL | The URL of the website to scan. `DAST_API_OPENAPI` must be specified if this is omitted. |
| `DAST_API_SPECIFICATION` | URL or string | The API specification to import. The specification can be hosted at a URL, or the name of a file present in the `/zap/wrk` directory. `DAST_WEBSITE` must be specified if this is omitted. | | `DAST_API_OPENAPI` | URL or string | The API specification to import. The specification can be hosted at a URL, or the name of a file present in the `/zap/wrk` directory. `DAST_WEBSITE` must be specified if this is omitted. |
| `DAST_API_SPECIFICATION` | URL or string | [Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/290241) in GitLab 13.12 and replaced by `DAST_API_OPENAPI`. To be removed in GitLab 15.0. The API specification to import. The specification can be hosted at a URL, or the name of a file present in the `/zap/wrk` directory. `DAST_WEBSITE` must be specified if this is omitted. |
| `DAST_SPIDER_START_AT_HOST` | boolean | Set to `false` to prevent DAST from resetting the target to its host before scanning. When `true`, non-host targets `http://test.site/some_path` is reset to `http://test.site` before scan. Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/258805) in GitLab 13.6. | | `DAST_SPIDER_START_AT_HOST` | boolean | Set to `false` to prevent DAST from resetting the target to its host before scanning. When `true`, non-host targets `http://test.site/some_path` is reset to `http://test.site` before scan. Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/258805) in GitLab 13.6. |
| `DAST_AUTH_URL` | URL | The URL of the page containing the sign-in HTML form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Not supported for API scans. | | `DAST_AUTH_URL` | URL | The URL of the page containing the sign-in HTML form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Not supported for API scans. |
| `DAST_AUTH_VERIFICATION_URL` | URL | A URL only accessible to logged in users that DAST can use to confirm successful authentication. If provided, DAST will exit if it cannot access the URL. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8. | `DAST_AUTH_VERIFICATION_URL` | URL | A URL only accessible to logged in users that DAST can use to confirm successful authentication. If provided, DAST will exit if it cannot access the URL. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8.
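Review bot: The new `DAST_API_OPENAPI` row has no version note, while neighbouring rows such as `DAST_SPIDER_START_AT_HOST` and `DAST_AUTH_VERIFICATION_URL` carry an "Introduced in GitLab ..." link; add one so readers on older versions know the new name may not be recognised. The deprecated `DAST_API_SPECIFICATION` row also still says `DAST_WEBSITE` must be specified if it is omitted, which reads oddly now that `DAST_API_OPENAPI` is the documented alternative, and neither row states which value is used when both variables are set.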
......