Make DAST job using GIT_STRATEGY: none when relevant

Problem to solve

When the DAST analysis CI job runs, the repository is cloned so that its content is accessible. This is useless for now, as we don't provide any way to customize the DAST analysis by leveraging a config file within the repository.

There are open issues though (e.g. https://gitlab.com/gitlab-org/gitlab-ee/issues/9904) about adding such support, so it may be necessary to actually have access to the repository content in some cases.

Intended users

Developers

Proposal

Make GIT_STRATEGY none by default in the vendored template unless there is a reason to do otherwise (e.g. a config file option is given).

Not 100% sure this is achievable though; we need to dig into the CI config options.

Documentation

We may update https://docs.gitlab.com/ee/ci/examples/dast.html

What does success look like, and how can we measure that?

The DAST job only clones the repository when this is relevant.

What is the type of buyer?

GitLab Ultimate

Implementation plan

  • Add GIT_STRATEGY variable to the DAST.gitlab-ci.yml template
  • Verify locally that the repository is not cloned
  • Verify locally that a user can extend the dast job to have the repository be cloned
  • Add documentation to https://docs.gitlab.com/ee/user/application_security/dast/#configuration describing that the repository is not cloned by default, and how a user can have it cloned
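As an added illustration of the plan above (not code from this issue or from GitLab's actual template), this is what the proposed default would look like in the vendored template, next to the project-side override that re-enables cloning. The `script` command and the `DAST_WEBSITE` variable are assumptions; the job name `dast` and the template name `DAST.gitlab-ci.yml` are from the page.

```yaml
# --- DAST.gitlab-ci.yml (sketch of the proposed vendored template) ---
dast:
  stage: dast
  variables:
    # Proposed default: skip the clone entirely. The job only needs the
    # target URL, not the repository content.
    GIT_STRATEGY: none
  script:
    # Hypothetical analyzer invocation; DAST_WEBSITE is assumed to be the
    # variable that carries the URL of the deployed application under test.
    - /analyze -t "$DAST_WEBSITE"
  # Caveat: with GIT_STRATEGY none the runner also skips cleaning, so the
  # working directory may still hold files left by earlier jobs on the
  # same runner. Verify "not cloned" by checking that no fetch/checkout
  # lines appear in the job log, not by checking that the directory is empty.

# --- .gitlab-ci.yml in a project that needs the repository content ---
include:
  - template: DAST.gitlab-ci.yml

# Redefining the included job with the same name merges into it, so only
# the variables block changes and the rest of the template is kept.
dast:
  variables:
    GIT_STRATEGY: fetch   # or "clone"; either re-enables the checkout
```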
Edited Feb 19, 2020 by Craig Smith