#5 On Demand Scans, Audit Events, & Extra Configurations
We will wrap up the last few security capabilities that GitLab offers beyond what is possible within our CI/CD configuration by adding on-demand scans, audit events, and further configurations for our scans.
Theme
When a security event occurs, these tools are extremely handy for quickly troubleshooting what may be wrong with your application.
Step 1: Set Up an On Demand Scan
- Using the left-hand navigation menu, click through Security & Compliance > On-demand scans, then click New scan.
- In the Scan configuration section, add a name and description but leave the rest blank.
- Next, in the DAST configuration section, click Select scanner profile twice, give it a name, leave the rest as is, and click Save profile.
- Then double-click Select site profile and, under Target URL, enter http://www.example.com/home. Fully deploying this application is out of scope, so the DAST scanner will not run, but think about how you could customize these settings for your own application.
- Then click Save profile and scroll down to Save scan.
Step 2: Project Audit Events
- Using the left-hand navigation menu, click through Security & Compliance > Audit events to get the report on all actions taken on the project for the past month. If no events are shown, you may need to edit the time frame.
- You should be able to see some of the actions you have taken and where they occurred in the project hierarchy.
Edited by Logan Stucker