DAST On-demand scans MVC - Initiate Scan [parent issue]
Problem to solve
This is the Initiate Scan part of #216876 (closed).
As an MVC, this feature would introduce on-demand scans by adding a page where a user can specify the target URL and start a scan. The scan would use the passive mode to scan the site for 60 seconds. Once the user starts the scan, we can redirect them to the pipeline page to show the job running. These jobs will always be associated with the default or master branch and the results can be seen in the project dashboard or the pipeline dashboard.
|Empty status||New scan nothing filled in||New scan, url filled|
|+ side bar
+ two buttons
|+ new form, url not filed
+ cancel button goes back to empty page
|+ valide url filled in and button enabled
Addition of Asynchronous Scans in the Security & Compliance menue
- Behind a feature flag
Splash Page for starting scans (Empty Status)
- Static frontend only page.
New scan page
- Static page, does not load server data. Hard code master branch in disabled pull down.
- Frontend regex validate to url (consider
- Backend accepts url and initiates pipeline/job. Returns pipeline ID to front-end.
- Need to store 'on-demand-dast', 'url' values either at the job or pipeline level.
- Strongly prefer GraphQL for this endpoint.
- Redirect user to specific pipeline page based on pipeline ID returned by BE.
Viewing previously run scans on a dedicated screen will be deferred to post-mvc #218587.