The method of including the DAST template depends on the GitLab version:
1. Add the template to GitLab, based on your version of GitLab:
- In GitLab 11.9 and later, [include](../../../ci/yaml/README.md#includetemplate) the
- In GitLab 11.9 and later, [include](../../../ci/yaml/README.md#includetemplate)
`DAST.gitlab-ci.yml` template.
the template by adding the following to your `.gitlab-ci.yml` file:
Add the following to your `.gitlab-ci.yml` file:
```yaml
```yaml
include:
include:
-template:DAST.gitlab-ci.yml
- template: <template_file.yml>
variables:
variables:
DAST_WEBSITE: https://example.com
DAST_WEBSITE: https://example.com
```
```
- In GitLab 11.8 and earlier, copy the template's content into your `.gitlab_ci.yml` file.
- In GitLab 11.8 and earlier, add the contents of the template to your
`.gitlab_ci.yml` file.
#### Template options
1. Define the URL to be scanned by DAST by using one of these methods:
Running a DAST scan requires a URL. There are two ways to define the URL to be scanned by DAST:
- Set the `DAST_WEBSITE`[CI/CD variable](../../../ci/yaml/README.md#variables).
If set, this value takes precedence.
1. Set the `DAST_WEBSITE`[CI/CD variable](../../../ci/yaml/README.md#variables).
- Add the URL in an `environment_url.txt` file at the root of your project. This is
useful for testing in dynamic environments. To run DAST against an application
dynamically created during a GitLab CI/CD pipeline, a job that runs prior to
the DAST scan must persist the application's domain in an `environment_url.txt`
file. DAST automatically parses the `environment_url.txt` file to find its
scan target.
1. Add it in an `environment_url.txt` file at the root of your project.
For example, in a job that runs prior to DAST, you could include code that
This is useful for testing in dynamic environments. To run DAST against an application
looks similar to:
dynamically created during a GitLab CI/CD pipeline, a job that runs prior to the DAST scan must
persist the application's domain in an `environment_url.txt` file. DAST automatically parses the
`environment_url.txt` file to find its scan target.
For example, in a job that runs prior to DAST, you could include code that looks similar to:
```yaml
```yaml
script:
script:
...
@@ -104,28 +111,31 @@ Running a DAST scan requires a URL. There are two ways to define the URL to be s
...
@@ -104,28 +111,31 @@ Running a DAST scan requires a URL. There are two ways to define the URL to be s
when: always
when: always
```
```
You can see an example of this in our [Auto DevOps CI YAML](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml) file.
You can see an example of this in our
[Auto DevOps CI YAML](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml)
If both values are set, the `DAST_WEBSITE` value takes precedence.
file.
The included template creates a `dast` job in your CI/CD pipeline and scans
The included template creates a `dast` job in your CI/CD pipeline and scans
your project's running application for possible vulnerabilities.
your project's running application for possible vulnerabilities.