Merge branch 'docs-dast-passive-scanning' into 'master'

Make clear that DAST is passive scanning only See merge request gitlab-org/gitlab-ee!6348

Merge branch 'docs-dast-passive-scanning' into 'master'
Make clear that DAST is passive scanning only See merge request gitlab-org/gitlab-ee!6348
fde933c2 · Philippe Lafoucrière · 8fbb0907 · ab4f1228 · fde933c2
Commit fde933c2 authored Jul 05, 2018 by Philippe Lafoucrière
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

doc/ci/examples/dast.md doc/ci/examples/dast.md +3 -0

No files found.
--- a/doc/ci/examples/dast.md
+++ b/doc/ci/examples/dast.md
@@ -3,6 +3,9 @@
 [Dynamic Application Security Testing (DAST)](https://en.wikipedia.org/wiki/Dynamic_program_analysis)
 is using the popular open source tool [OWASP ZAProxy](https://github.com/zaproxy/zaproxy)
 to perform an analysis on your running web application.
+Since it is based on [ZAP Baseline](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan)
+DAST will perform passive scanning only;
+it will not actively attack your application.

 It can be very useful combined with [Review Apps](../review_apps/index.md).