When using the `DAST.gitlab-ci.yml` template, the `dast` job is run last as shown in
the example below. To ensure DAST is scanning the latest code, your CI pipeline
the example below. To ensure DAST is scanning the latest code, your CI pipeline
should deploy changes to the web server in one of the jobs preceding the `dast` job.
should deploy changes to the web server in one of the jobs preceding the `dast` job.
...
@@ -250,6 +248,9 @@ tips for optimizing DAST scans in a [blog post](https://about.gitlab.com/blog/20
...
@@ -250,6 +248,9 @@ tips for optimizing DAST scans in a [blog post](https://about.gitlab.com/blog/20
#### Domain validation
#### Domain validation
WARNING:
In GitLab 13.8, domain validation, outside of the new on-demand scan site profile validation, was deprecated. In GitLab 14.0, domain validation in CI/CD jobs will be permanently removed.
The DAST job can be run anywhere, which means you can accidentally hit live web servers
The DAST job can be run anywhere, which means you can accidentally hit live web servers
and potentially damage them. You could even take down your production environment.
and potentially damage them. You could even take down your production environment.
For that reason, you should use domain validation.
For that reason, you should use domain validation.
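Review bot: the new WARNING block (domain validation deprecated in GitLab 13.8, to be removed from CI/CD jobs in 14.0) is immediately contradicted by the unchanged paragraph below it, which still ends with an unqualified "For that reason, you should use domain validation." Suggest rewording that sentence so it matches the deprecation, for example "For that reason, you should use domain validation (in GitLab 13.8 and later, prefer the site profile validation used by on-demand scans)", and linking the phrase "on-demand scan site profile validation" in the warning to the section that describes it, so readers who land on this heading know what the replacement is rather than being told to adopt a feature that is about to be removed.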
...
@@ -679,7 +680,7 @@ successfully run. For more information, see [Offline environments](../offline_de
...
@@ -679,7 +680,7 @@ successfully run. For more information, see [Offline environments](../offline_de
To use DAST in an offline environment, you need:
To use DAST in an offline environment, you need:
- GitLab Runner with the [`docker` or `kubernetes` executor](#requirements).
- GitLab Runner with the [`docker` or `kubernetes` executor](#prerequisites).
- Docker Container Registry with a locally available copy of the DAST
- Docker Container Registry with a locally available copy of the DAST
[container image](https://gitlab.com/gitlab-org/security-products/dast), found in the
[container image](https://gitlab.com/gitlab-org/security-products/dast), found in the
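Review bot: the anchor change from `#requirements` to `#prerequisites` on the GitLab Runner bullet only resolves if the target heading in this file was renamed to "Prerequisites" as part of the same change; the heading itself is not in this hunk, so please confirm it, and search the rest of the page for any remaining `#requirements` links, since a stale in-page anchor renders as a link that silently jumps nowhere rather than failing the build. The second bullet in this hunk (Docker Container Registry with a locally available copy of the DAST container image) is unchanged context and looks fine.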