Skip to content
Snippets Groups Projects
Commit f5309294 authored by Russell Dickenson's avatar Russell Dickenson
Browse files

Merge branch '415948-include-request-headers-in-target-probe' into 'master'

Document format of headers in advertised DAST scans

See merge request !136560



Merged-by: default avatarRussell Dickenson <rdickenson@gitlab.com>
Approved-by: default avatarRussell Dickenson <rdickenson@gitlab.com>
Co-authored-by: Cameron Swords's avatarCameron Swords <cswords@gitlab.com>
Co-authored-by: Erran Carey's avatarErran Carey <ecarey@gitlab.com>
parents 83035abd c6d6eb85
No related branches found
No related tags found
1 merge request!136560Document format of headers in advertised DAST scans
Pipeline #1069563641 passed
......@@ -175,7 +175,7 @@ For authentication CI/CD variables, see [Authentication](authentication.md).
| CI/CD variable | Type | Example | Description |
|:--------------------------------------------|:---------------------------------------------------------|----------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `DAST_ADVERTISE_SCAN` | boolean | `true` | Set to `true` to add a `Via` header to every request sent, advertising that the request was sent as part of a GitLab DAST scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/334947) in GitLab 14.1. |
| `DAST_ADVERTISE_SCAN` | boolean | `true` | Set to `true` to add a `Via` header to every request sent, advertising that the request was sent as part of a GitLab DAST scan. The header value starts with `GitLab DAST`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/334947) in GitLab 14.1. |
| `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `800ms` | The maximum amount of time to wait for a browser to consider a page loaded and ready for analysis after completing an action. |
| `DAST_BROWSER_ACTION_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `7s` | The maximum amount of time to wait for a browser to complete an action. |
| `DAST_BROWSER_ALLOWED_HOSTS` | List of strings | `site.com,another.com` | Hostnames included in this variable are considered in scope when crawled. By default the `DAST_WEBSITE` hostname is included in the allowed hosts list. Headers set using `DAST_REQUEST_HEADERS` are added to every request made to these hostnames. |
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment