Commit 7160b215, authored Feb 16, 2021 by Russell Dickenson
Document DAST saved scans feature
parent 58433e8d
Showing 1 changed file with 63 additions and 6 deletions
doc/user/application_security/dast/index.md
...
@@ -733,9 +733,10 @@ the scan. You must start it manually.
...
@@ -733,9 +733,10 @@ the scan. You must start it manually.
An on-demand DAST scan:
An on-demand DAST scan:
-
Uses settings in the site profile and scanner profile you select when you run the scan,
-
Can run a specific combination of a
[
site profile
](
#site-profile
)
and a
instead of those in the
`.gitlab-ci.yml`
file
.
[
scanner profile
](
#scanner-profile
)
.
-
Is associated with your project's default branch.
-
Is associated with your project's default branch.
-
Is saved on creation so it can be run later.
### On-demand scan modes
### On-demand scan modes
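Review bot: the rewritten first bullet drops the statement that the selected profiles are used "instead of those in the `.gitlab-ci.yml` file", which is the one fact in the old wording that tells readers an on-demand scan ignores the DAST settings in their pipeline configuration. Suggest keeping it, for example: "Can run a specific combination of a [site profile](#site-profile) and a [scanner profile](#scanner-profile), instead of the settings in the `.gitlab-ci.yml` file." The new bullet "Is saved on creation so it can be run later." is the substantive addition and reads fine.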
...
@@ -743,8 +744,8 @@ An on-demand scan can be run in active or passive mode:
...
@@ -743,8 +744,8 @@ An on-demand scan can be run in active or passive mode:
-
_Passive mode_ is the default and runs a ZAP Baseline Scan.
-
_Passive mode_ is the default and runs a ZAP Baseline Scan.
-
_Active mode_ runs a ZAP Full Scan which is potentially harmful to the site being scanned. To
-
_Active mode_ runs a ZAP Full Scan which is potentially harmful to the site being scanned. To
minimize the risk of accidental damage, running an active scan requires a
[
validated site
minimize the risk of accidental damage, running an active scan requires a
[
validated site
profile
](
#site-profile-validation
)
.
profile
](
#site-profile-validation
)
.
### Run an on-demand DAST scan
### Run an on-demand DAST scan
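Review bot: both sides of this hunk read the same, so this appears to be a line rewrap with no wording change; the only thing to check is the anchor. This paragraph links the validation requirement as `#site-profile-validation`, while the prerequisites list added in the next hunk links the same requirement as `#validate-a-site-profile`. One of those anchors presumably does not match a heading, and since an active scan is described here as potentially harmful to the site being scanned, a dead link at exactly the point where a reader is told how to avoid that is worth fixing before merge.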
...
@@ -753,19 +754,75 @@ You must have permission to run an on-demand DAST scan against a protected branc
...
@@ -753,19 +754,75 @@ You must have permission to run an on-demand DAST scan against a protected branc
The default branch is automatically protected. For more information, see
The default branch is automatically protected. For more information, see
[
Pipeline security on protected branches
](
../../../ci/pipelines/index.md#pipeline-security-on-protected-branches
)
.
[
Pipeline security on protected branches
](
../../../ci/pipelines/index.md#pipeline-security-on-protected-branches
)
.
To run an on-demand DAST scan, you need
:
Prerequisites
:
-
A
[
scanner profile
](
#create-a-scanner-profile
)
.
-
A
[
scanner profile
](
#create-a-scanner-profile
)
.
-
A
[
site profile
](
#create-a-site-profile
)
.
-
A
[
site profile
](
#create-a-site-profile
)
.
-
If you are running an active scan the site profile must be
[
validated
](
#validate-a-site-profile
)
.
-
If you are running an active scan the site profile must be
[
validated
](
#validate-a-site-profile
)
.
To run an on-demand scan, either:
-
[
Create and run an on-demand scan
](
#create-and-run-an-on-demand-scan
)
.
-
[
Run a previously saved on-demand scan
](
#run-a-saved-on-demand-scan
)
.
### Create and run an on-demand scan
1.
From your project's home page, go to
**Security & Compliance > On-demand Scans**
in the left sidebar.
1.
From your project's home page, go to
**Security & Compliance > On-demand Scans**
in the left sidebar.
1.
In
**Scanner profile**
, select a scanner profile from the dropdown.
1.
In
**Scanner profile**
, select a scanner profile from the dropdown.
1.
In
**Site profile**
, select a site profile from the dropdown.
1.
In
**Site profile**
, select a site profile from the dropdown.
1.
Click
**Run scan**
.
1.
To run the on-demand scan now, select
**Save and run scan**
. Otherwise select
**Save scan**
to
[
run
](
#run-a-saved-on-demand-scan
)
it later.
The on-demand DAST scan runs and the project's dashboard shows the results.
#### List saved on-demand scans
To list saved on-demand scans:
1.
From your project's home page, go to
**Security & Compliance > Configuration**
.
1.
Select the
**Saved Scans**
tab.
#### View details of an on-demand scan
To view details of an on-demand scan:
1.
From your project's home page, go to
**Security & Compliance > Configuration**
.
1.
Select
**Manage**
in the
**DAST Profiles**
row.
1.
Select the
**Saved Scans**
tab.
1.
In the saved scan's row select
**More actions**
(
**{ellipsis_v}**
), then select
**Edit**
.
#### Run a saved on-demand scan
To run a saved on-demand scan:
1.
From your project's home page, go to
**Security & Compliance > Configuration**
.
1.
Select
**Manage**
in the
**DAST Profiles**
row.
1.
Select the
**Saved Scans**
tab.
1.
In the scan's row select
**Run scan**
.
The on-demand DAST scan runs and the project's dashboard shows the results.
The on-demand DAST scan runs and the project's dashboard shows the results.
#### Edit an on-demand scan
To edit an on-demand scan:
1.
From your project's home page, go to
**Security & Compliance > Configuration**
.
1.
Select
**Manage**
in the
**DAST Profiles**
row.
1.
Select the
**Saved Scans**
tab.
1.
In the saved scan's row select
**More actions**
(
**{ellipsis_v}**
), then select
**Edit**
.
1.
Edit the form.
1.
Select
**Save scan**
.
#### Delete an on-demand scan
To delete an on-demand scan:
1.
From your project's home page, go to
**Security & Compliance > Configuration**
.
1.
Select
**Manage**
in the
**DAST Profiles**
row.
1.
Select the
**Saved Scans**
tab.
1.
In the saved scan's row select
**More actions**
(
**{ellipsis_v}**
), then select
**Delete**
.
1.
Select
**Delete**
to confirm the deletion.
## Site profile
## Site profile
A site profile describes the attributes of a web site to scan on demand with DAST. A site profile is
A site profile describes the attributes of a web site to scan on demand with DAST. A site profile is
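Review bot: the "List saved on-demand scans" procedure goes from **Security & Compliance > Configuration** straight to the **Saved Scans** tab, while every other procedure in this hunk inserts "Select **Manage** in the **DAST Profiles** row" between those two steps; either the list procedure is missing that step or the others have an extra one, and they should agree. Two smaller points: "View details of an on-demand scan" repeats the "Edit an on-demand scan" steps verbatim up to selecting **Edit**, so it would be clearer to say that details are viewed in the edit form, or to fold the two sections together; and the prerequisites link the validation requirement as `#validate-a-site-profile` whereas the active-mode paragraph above uses `#site-profile-validation`. Also worth one sentence: because a saved scan fixes its profile selection at creation time, state whether **Run scan** on a saved scan re-checks that the site profile is still validated before an active scan starts.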
...
...