
DAST On-demand scans MVC - Design

Problem to solve

As a security professional, I want to scan web applications that are deployed throughout my organization, so that I can validate the security of my site outside of code changes and MRs.

Intended users

User experience goal

The goal is to introduce our users to DAST scans that run outside of the typical MR workflow. These are on-demand scans that let users validate issues when there are no code changes, and let security professionals who do not commit code use GitLab for their DAST testing needs.

Proposal

As an MVC, this feature would introduce on-demand scans by adding a page where a user can specify the target URL and start a scan. The scan would run in passive mode against the site for 60 seconds. Once the user starts the scan, we redirect them to the pipeline page to show the job running. These jobs will always be associated with the default (master) branch, and the results can be seen in the project dashboard or the pipeline dashboard.
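For readers who want to see what the behaviour described above looks like at the CI level, here is an added example (not part of this design issue, and not how the feature itself is implemented): a `.gitlab-ci.yml` fragment that runs the DAST template job only when a pipeline is started on demand on the default branch, in passive mode. It assumes the project includes GitLab's `DAST.gitlab-ci.yml` template, that the user supplies the target URL as the `DAST_WEBSITE` pipeline variable when starting the pipeline, and that the 60-second budget maps to a one-minute spider run (`DAST_SPIDER_MINS`), which is an assumption here.

```yaml
# Added example, not part of the design issue.
# Assumes GitLab's DAST template; DAST_WEBSITE is entered by the user
# as a pipeline variable when the on-demand pipeline is started.
include:
  - template: DAST.gitlab-ci.yml

dast:
  variables:
    DAST_FULL_SCAN_ENABLED: "false"   # passive mode only: no active attack payloads
    DAST_SPIDER_MINS: "1"             # assumed mapping of the 60-second scan budget
  rules:
    # run only when started on demand (Run pipeline UI or API), on the default branch
    - if: $CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    - if: $CI_PIPELINE_SOURCE == "api" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
```

Because the job is pinned to the default branch and to manually started pipelines, its report lands where the proposal expects it: in the pipeline's Security tab and the project security dashboard, without any MR being involved.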

Further details

Design mockups (screenshots are not included in the page; screen states and image names only):

+ Empty status (Empty_Ondemand)
+ New scan, nothing filled in (New_scan-step1, with tooltip examples 1 to 3)
+ New scan, URL filled in with URL format validation (New_scan-step1.1, New_scan-step1.2-valid-success)
+ After created, running scan, button disabled (on-deman-scans-status-running, on-deman-scans-status-running-tootlip)
+ After created, finished scan (on-deman-scans-status-pass)
+ Pipeline list page (Pipeline-list)
+ Pipeline detail page, scan finished (Pipeline-detail-page)

Design notes:

+ side bar nav
+ illustration
+ two buttons
+ new form, URL not filled
+ cancel button goes back to the empty page
+ valid URL filled in and button enabled
+ simple list
+ Detail button disabled, with tooltips on hover
+ Create new button on top right
+ Detail button leads the user to the pipeline page "Security" tab
+ new label: DAST scan (pipeline list page)
+ new label: DAST scan (pipeline detail page)
+ nothing changed in the result area, same as the current pipeline view

Permissions and Security

Documentation

An "On-demand scans" section will need to be added to the DAST docs at https://docs.gitlab.com/ee/user/application_security/dast/

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

Edited by Camellia X Yang