DAST On-demand scans MVC - Initiate Scan [parent issue]
Problem to solve
This is the Initiate Scan part of #216876 (closed).
Proposal
As an MVC, this feature would introduce on-demand scans by adding a page where a user can specify the target URL and start a scan. The scan would use the passive mode to scan the site for 60 seconds. Once the user starts the scan, we can redirect them to the pipeline page to show the job running. These jobs will always be associated with the default or master branch and the results can be seen in the project dashboard or the pipeline dashboard.
Further details
| Empty status | New scan nothing filled in | New scan, url filled |
|---|---|---|
 |
 |
 
|
| + side bar +illustration + two buttons |
+ new form, url not filed + cancel button goes back to empty page |
+ valide url filled in and button enabled |
Implementation Steps
Addition of Asynchronous Scans in the Security & Compliance menue
- Behind a feature flag
Splash Page for starting scans (Empty Status)
- Static frontend only page.
New scan page
- Static page, does not load server data. Hard code master branch in disabled pull down.
- Frontend regex validate to url (consider
type="url").
- Backend accepts url and initiates pipeline/job. Returns pipeline ID to front-end.
- Need to store 'on-demand-dast', 'url' values either at the job or pipeline level.
- Strongly prefer GraphQL for this endpoint.
- Redirect user to specific pipeline page based on pipeline ID returned by BE.
documentation #218686 (closed)
Post MVC
Viewing previously run scans on a dedicated screen will be deferred to post-mvc #218587 (closed).