Verified Commit 4ee6929d authored by Russell Dickenson's avatar Russell Dickenson Committed by GitLab

Remove mention of proxy-based DAST

parent 4194b958
1 merge request: !172215 Remove mention of proxy-based DAST
......@@ -62,7 +62,6 @@ listed here that also do not work properly in FIPS mode:
- [Container Scanning](../user/application_security/container_scanning/index.md) support for scanning images in repositories that require authentication.
- [Code Quality](../ci/testing/code_quality.md) does not support operating in FIPS-compliant mode.
- [Dependency scanning](../user/application_security/dependency_scanning/index.md) support for Gradle.
- [Dynamic Application Security Testing (DAST)](../user/application_security/dast/proxy-based.md) supports a reduced set of analyzers. The proxy-based analyzer and on-demand scanning is not available in FIPS mode today, however browser-based DAST, API security testing, and API fuzzing images are available.
- [Solutions for vulnerabilities](../user/application_security/vulnerabilities/index.md#resolve-a-vulnerability)
for yarn projects.
- [Static Application Security Testing (SAST)](../user/application_security/sast/index.md)
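Review bot: deleting the entire DAST bullet leaves the FIPS limitations list saying nothing about DAST, yet the removed line carried two statements that are not about the proxy-based analyzer: on-demand scanning is not available in FIPS mode, and the browser-based DAST, API security testing and API fuzzing images are available. If those statements still hold, replace the bullet with a reduced one that links to the general DAST page instead of `dast/proxy-based.md` (path assumed), for example `- [Dynamic Application Security Testing (DAST)](../user/application_security/dast/index.md) on-demand scanning is not available in FIPS mode; browser-based DAST, API security testing, and API fuzzing images are available.` Dropping the entry outright leaves a reader who needs to run security scans in FIPS mode without an answer.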
......
......@@ -33,10 +33,11 @@ type: reference, howto
## Recommendations
- Configure runners to use the [always pull policy](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy) to run the latest versions of the analyzers.
- By default, API Fuzzing downloads all artifacts defined by previous jobs in the pipeline. If
your API Fuzzing job does not rely on `environment_url.txt` to define the URL under test or any other files created
in previous jobs, we recommend you don't download artifacts. To avoid downloading
artifacts, extend the analyzer CI/CD job to specify no dependencies. For example, for the DAST proxy-based analyzer add the following to your `.gitlab-ci.yml` file:
- By default, API Fuzzing downloads all artifacts defined by previous jobs in the pipeline. If your
API Fuzzing job does not rely on `environment_url.txt` to define the URL under test or any other
files created in previous jobs, you should not download artifacts. To avoid downloading artifacts,
extend the analyzer CI/CD job to specify no dependencies. For example, for the API fuzzing
analyzer, add the following to your `.gitlab-ci.yml` file:
```yaml
apifuzzer_fuzz:
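Review bot: the wording change from "for the DAST proxy-based analyzer" to "for the API fuzzing analyzer" is correct and now matches the `apifuzzer_fuzz` job that follows; one style point on the added line "extend the analyzer CI/CD job to specify no dependencies": name the keyword the example sets, for instance "set an empty `dependencies` list (`dependencies: []`) on the job", assuming that is what the elided YAML below does, so the reader knows which CI/CD keyword controls artifact download before reaching the sample.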
......
......@@ -33,10 +33,11 @@ type: reference, howto
## Recommendations
- Configure runners to use the [always pull policy](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy) to run the latest versions of the analyzers.
- By default, API security testing downloads all artifacts defined by previous jobs in the pipeline. If
your DAST job does not rely on `environment_url.txt` to define the URL under test or any other files created
in previous jobs, we recommend you don't download artifacts. To avoid downloading
artifacts, extend the analyzer CI/CD job to specify no dependencies. For example, for the DAST proxy-based analyzer add the following to your `.gitlab-ci.yml` file:
- By default, API security testing downloads all artifacts defined by previous jobs in the pipeline.
If your DAST job does not rely on `environment_url.txt` to define the URL under test or any other
files created in previous jobs, you should not download artifacts. To avoid downloading artifacts,
extend the analyzer CI/CD job to specify no dependencies. For example, for the API security
testing analyzer, add the following to your `.gitlab-ci.yml` file:
```yaml
api_security:
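Review bot: the added lines still say "If your DAST job does not rely on `environment_url.txt`" even though the paragraph is now about API security testing and the example job is `api_security`; since the purpose of this change is to remove proxy-based DAST references, change it to "If your API security testing job does not rely on `environment_url.txt`" so the prose and the job name agree. The same `dependencies: []` naming suggestion from the API fuzzing page applies to "specify no dependencies" here.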
......
......@@ -18,7 +18,7 @@ Only run DAST scans against a test server.
## On-demand scans
> - Runner tags selection [enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/111499) in GitLab 16.3.
> - Browser based on-demand DAST scans available from GitLab 17.0 since [proxy-based DAST was removed in the same version](../../../update/deprecations.md#proxy-based-dast-deprecated).
> - Browser based on-demand DAST scans available in GitLab 17.0 and later because [proxy-based DAST was removed in the same version](../../../update/deprecations.md#proxy-based-dast-deprecated).
An on-demand DAST scan runs outside the DevOps lifecycle. Changes in your repository don't trigger
the scan. You must either start it manually, or schedule it to run. For on-demand DAST scans,
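Review bot: two style points on the added history line. "Browser based on-demand DAST scans" should be hyphenated as "Browser-based", matching the "browser-based" spelling used elsewhere in this MR (for example the vulnerability scanners table). The sentence states that proxy-based DAST "was removed in the same version" but links to the anchor `#proxy-based-dast-deprecated`; confirm that the deprecations entry still exists under that anchor after the 17.0 removal, since the link is the only place a reader can verify the claim.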
......
......@@ -115,7 +115,7 @@ The following vulnerability scanners and their databases are regularly updated:
|:----------------------------------------------------------------|:---------------------------------|
| [Container Scanning](container_scanning/index.md) | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. GitLab monitors this job through an internal alert that tells the engineering team when the database becomes more than 48 hours old. For more information, see the [Vulnerabilities database update](container_scanning/index.md#vulnerabilities-database). |
| [Dependency Scanning](dependency_scanning/index.md) | Relies on the [GitLab Advisory Database](https://gitlab.com/gitlab-org/security-products/gemnasium-db). It is updated on a daily basis using [data from NVD, the `ruby-advisory-db` and the GitHub Advisory Database as data sources](https://gitlab.com/gitlab-org/security-products/gemnasium-db/-/blob/master/SOURCES.md). |
| [Dynamic Application Security Testing (DAST)](dast/index.md) | [DAST proxy-based](dast/browser/index.md) and [browser-based](dast/browser/index.md) engines are updated on a periodic basis. [DAST proxy-based](dast/browser/index.md) analyzer downloads the scanning rules at scan runtime. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L27). [DAST browser-based](dast/browser/index.md) rules run [different vulnerability checks](dast/browser/checks/index.md). |
| [Dynamic Application Security Testing (DAST)](dast/index.md) | [DAST](dast/browser/index.md) analyzer is updated on a periodic basis. |
| [Secret Detection](secret_detection/pipeline/index.md#detected-secrets) | GitLab maintains the [detection rules](secret_detection/pipeline/index.md#detected-secrets) and [accepts community contributions](secret_detection/pipeline/index.md#add-new-patterns). The scanning engine is updated at least once per month if a relevant update is available. |
| [Static Application Security Testing (SAST)](sast/index.md) | The source of scan rules depends on which [analyzer](sast/analyzers.md) is used for each [supported programming language](sast/index.md#supported-languages-and-frameworks). GitLab maintains a ruleset for the Semgrep-based analyzer and updates it regularly based on internal research and user feedback. For other analyzers, the ruleset is sourced from the upstream open-source scanner. Each analyzer is updated at least once per month if a relevant update is available. |
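Review bot: the new DAST row loses information this table exists to provide. The removed row explained where the scanning rules come from and linked to [the vulnerability checks](dast/browser/checks/index.md); the replacement only says the analyzer "is updated on a periodic basis", which does not tell a reader how the rules or checks are maintained, unlike the surrounding Secret Detection and SAST rows. Suggest keeping the checks link, for example `| [Dynamic Application Security Testing (DAST)](dast/index.md) | The [DAST](dast/browser/index.md) analyzer is updated on a periodic basis. Its rules run [different vulnerability checks](dast/browser/checks/index.md). |`, and add the missing article ("The DAST analyzer").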
......