Commit 7160b215 authored by Russell Dickenson

Document DAST saved scans feature

parent 58433e8d
...@@ -733,9 +733,10 @@ the scan. You must start it manually. ...@@ -733,9 +733,10 @@ the scan. You must start it manually.
An on-demand DAST scan: An on-demand DAST scan:
- Uses settings in the site profile and scanner profile you select when you run the scan, - Can run a specific combination of a [site profile](#site-profile) and a
instead of those in the `.gitlab-ci.yml` file. [scanner profile](#scanner-profile).
- Is associated with your project's default branch. - Is associated with your project's default branch.
- Is saved on creation so it can be run later.
### On-demand scan modes ### On-demand scan modes
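Review bot: The rewritten first bullet drops a fact the old wording carried: that an on-demand scan uses the selected site and scanner profiles instead of the DAST settings in `.gitlab-ci.yml`. "Can run a specific combination of a site profile and a scanner profile" does not tell the reader that the pipeline configuration is ignored, which is the point most people need when their on-demand results differ from their CI results. Suggest keeping that clause, for example: "- Uses the [site profile](#site-profile) and [scanner profile](#scanner-profile) you select, instead of the DAST settings in the `.gitlab-ci.yml` file." The new "Is saved on creation so it can be run later." bullet reads fine.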
...@@ -743,8 +744,8 @@ An on-demand scan can be run in active or passive mode: ...@@ -743,8 +744,8 @@ An on-demand scan can be run in active or passive mode:
- _Passive mode_ is the default and runs a ZAP Baseline Scan. - _Passive mode_ is the default and runs a ZAP Baseline Scan.
- _Active mode_ runs a ZAP Full Scan which is potentially harmful to the site being scanned. To - _Active mode_ runs a ZAP Full Scan which is potentially harmful to the site being scanned. To
minimize the risk of accidental damage, running an active scan requires a [validated site minimize the risk of accidental damage, running an active scan requires a [validated site
profile](#site-profile-validation). profile](#site-profile-validation).
### Run an on-demand DAST scan ### Run an on-demand DAST scan
...@@ -753,19 +754,75 @@ You must have permission to run an on-demand DAST scan against a protected branc ...@@ -753,19 +754,75 @@ You must have permission to run an on-demand DAST scan against a protected branc
The default branch is automatically protected. For more information, see The default branch is automatically protected. For more information, see
[Pipeline security on protected branches](../../../ci/pipelines/index.md#pipeline-security-on-protected-branches). [Pipeline security on protected branches](../../../ci/pipelines/index.md#pipeline-security-on-protected-branches).
To run an on-demand DAST scan, you need: Prerequisites:
- A [scanner profile](#create-a-scanner-profile). - A [scanner profile](#create-a-scanner-profile).
- A [site profile](#create-a-site-profile). - A [site profile](#create-a-site-profile).
- If you are running an active scan the site profile must be [validated](#validate-a-site-profile). - If you are running an active scan the site profile must be [validated](#validate-a-site-profile).
To run an on-demand scan, either:
- [Create and run an on-demand scan](#create-and-run-an-on-demand-scan).
- [Run a previously saved on-demand scan](#run-a-saved-on-demand-scan).
### Create and run an on-demand scan
1. From your project's home page, go to **Security & Compliance > On-demand Scans** in the left sidebar. 1. From your project's home page, go to **Security & Compliance > On-demand Scans** in the left sidebar.
1. In **Scanner profile**, select a scanner profile from the dropdown. 1. In **Scanner profile**, select a scanner profile from the dropdown.
1. In **Site profile**, select a site profile from the dropdown. 1. In **Site profile**, select a site profile from the dropdown.
1. Click **Run scan**. 1. To run the on-demand scan now, select **Save and run scan**. Otherwise select **Save scan** to
[run](#run-a-saved-on-demand-scan) it later.
The on-demand DAST scan runs and the project's dashboard shows the results.
#### List saved on-demand scans
To list saved on-demand scans:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Select the **Saved Scans** tab.
#### View details of an on-demand scan
To view details of an on-demand scan:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Select **Manage** in the **DAST Profiles** row.
1. Select the **Saved Scans** tab.
1. In the saved scan's row select **More actions** (**{ellipsis_v}**), then select **Edit**.
#### Run a saved on-demand scan
To run a saved on-demand scan:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Select **Manage** in the **DAST Profiles** row.
1. Select the **Saved Scans** tab.
1. In the scan's row select **Run scan**.
The on-demand DAST scan runs and the project's dashboard shows the results. The on-demand DAST scan runs and the project's dashboard shows the results.
#### Edit an on-demand scan
To edit an on-demand scan:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Select **Manage** in the **DAST Profiles** row.
1. Select the **Saved Scans** tab.
1. In the saved scan's row select **More actions** (**{ellipsis_v}**), then select **Edit**.
1. Edit the form.
1. Select **Save scan**.
#### Delete an on-demand scan
To delete an on-demand scan:
1. From your project's home page, go to **Security & Compliance > Configuration**.
1. Select **Manage** in the **DAST Profiles** row.
1. Select the **Saved Scans** tab.
1. In the saved scan's row select **More actions** (**{ellipsis_v}**), then select **Delete**.
1. Select **Delete** to confirm the deletion.
## Site profile ## Site profile
A site profile describes the attributes of a web site to scan on demand with DAST. A site profile is A site profile describes the attributes of a web site to scan on demand with DAST. A site profile is
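Review bot: The "List saved on-demand scans" procedure is missing the step "Select **Manage** in the **DAST Profiles** row" that every other saved-scan procedure in this hunk includes between the **Configuration** page and the **Saved Scans** tab; as written the reader will not find the tab. Two further points in the same region: "View details of an on-demand scan" ends with "then select **Edit**", which is exactly the first four steps of "Edit an on-demand scan", so either state that details are shown on the edit form or merge the two sections; and the sentence "The on-demand DAST scan runs and the project's dashboard shows the results." now follows a step where the user may have chosen **Save scan** rather than **Save and run scan**, so it should be qualified (for example, "If you selected **Save and run scan**, the scan runs and ..."). Finally, the saved-scan sections are `####` children of "### Create and run an on-demand scan" although the "To run an on-demand scan, either:" list presents creating and running a saved scan as alternatives; nesting all of them as `####` under "### Run an on-demand DAST scan" would match the list.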
......