Issue #218465 (Closed)

Created May 19, 2020 by Seth Berger (@sethgitlab, Developer)

DAST On-demand scans MVC - Initiate Scan [parent issue]

Problem to solve

This is the Initiate Scan part of #216876 (closed).

Proposal

As an MVC, this feature would introduce on-demand scans by adding a page where a user can specify the target URL and start a scan. The scan would use the passive mode to scan the site for 60 seconds. Once the user starts the scan, we can redirect them to the pipeline page to show the job running. These jobs will always be associated with the default or master branch and the results can be seen in the project dashboard or the pipeline dashboard.

Further details

Mockups (images not included here): "Empty status", "New scan, nothing filled in", "New scan, URL filled" (files Empty_Ondemand, New_scan-step1, New_scan-step1.1, New_scan-step1.2-valid-success).

+ side bar
+ illustration
+ two buttons
+ new form, URL not filled
+ cancel button goes back to empty page
+ valid URL filled in and button enabled

Implementation Steps

Addition of Asynchronous Scans in the Security & Compliance menu

  1. Behind a feature flag

Splash Page for starting scans (Empty Status)

frontend #218680 (closed)

  1. Static frontend only page.

New scan page

frontend #218683 (closed)

  1. Static page that does not load server data. Hard-code the master branch in a disabled pull-down.
  2. Front-end regex validation of the URL (consider type="url").

backend #218685 (closed)

  1. Backend accepts url and initiates pipeline/job. Returns pipeline ID to front-end.
    • Need to store 'on-demand-dast', 'url' values either at the job or pipeline level.
    • Strongly prefer GraphQL for this endpoint.
  2. Redirect user to specific pipeline page based on pipeline ID returned by BE.

documentation #218686 (closed)
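The backend step above accepts a user-supplied target URL and starts a scanner job against it, so the front-end regex/type="url" check is a usability aid only; the same validation has to be repeated server-side. What follows is an added example, not GitLab's own code, and the module and method names (DastTargetUrl, validate, denied_literal_ip?) are hypothetical. It is written in Ruby to match the GitLab backend and shows the checks a server-side validator for this endpoint could enforce: http or https only, a host present, no credentials embedded in the URL, and no literal loopback or link-local target (the link-local range covers cloud metadata endpoints that a scanner on a shared runner should not be pointed at). Which private networks a self-managed instance allows is a deployment decision, so that list is a constant rather than a hard rule.

```ruby
require 'uri'
require 'ipaddr'

# Hypothetical server-side validator for an on-demand DAST target URL.
# Added example; not GitLab's implementation.
module DastTargetUrl
  ALLOWED_SCHEMES = %w[http https].freeze
  MAX_LENGTH = 2048

  # Address ranges a scan may never be pointed at by literal IP.
  # Loopback, "this network", and link-local (which includes the
  # 169.254.169.254 cloud metadata endpoint). Private RFC 1918 space is
  # deliberately not listed: scanning internal staging hosts from a
  # self-managed runner is a legitimate use case, so that is a policy choice.
  DENIED_RANGES = %w[
    127.0.0.0/8
    0.0.0.0/8
    169.254.0.0/16
    ::1/128
    fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  # Returns [true, normalized_url] or [false, reason].
  def self.validate(raw)
    return [false, 'target URL is required'] if raw.nil? || raw.strip.empty?
    return [false, 'target URL is too long'] if raw.length > MAX_LENGTH

    uri = URI.parse(raw.strip)
    scheme = uri.scheme.to_s.downcase
    return [false, 'scheme must be http or https'] unless ALLOWED_SCHEMES.include?(scheme)

    # URI#hostname strips the brackets from IPv6 literals ("[::1]" -> "::1").
    host = uri.hostname.to_s
    return [false, 'host is required'] if host.empty?
    return [false, 'credentials embedded in the URL are not accepted'] if uri.userinfo
    return [false, 'target is a loopback or link-local address'] if denied_literal_ip?(host)

    [true, uri.to_s]
  rescue URI::InvalidURIError
    [false, 'target URL is not a valid URI']
  end

  # True when the host is an IP literal inside one of DENIED_RANGES.
  # Hostnames are not resolved here, so DNS-based targets are not covered;
  # that check belongs in the runner's network policy, not in URL parsing.
  def self.denied_literal_ip?(host)
    ip = IPAddr.new(host)
    DENIED_RANGES.any? { |range| range.family == ip.family && range.include?(ip) }
  rescue IPAddr::InvalidAddressError
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for a quick manual run.
  [
    'https://example.com/app?x=1',
    'ftp://example.com/',
    'http://user:pw@example.com/',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]:8080/',
    'example.com'
  ].each { |u| puts "#{u.inspect} => #{DastTargetUrl.validate(u).inspect}" }
end
```

Because only IP literals are checked, a hostname that resolves to a denied address passes this validator; the point of the example is the input contract for the endpoint, with network-level restrictions on the runner as the second layer.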

Post MVC

Viewing previously run scans on a dedicated screen will be deferred to post-mvc #218587 (closed).

Edited May 29, 2020 by Camellia X Yang