DAST Scanner profile implementation - add name/timeouts (#222767) · Issues · GitLab.org / GitLab

DAST Scanner profile implementation - add name/timeouts

Problem to solve

As a user, I want to be able to create a "Scanner profile" to use in my on-demand DAST scans, so that I can create multiple ways of scanning my sites within a single project.

Intended users

User experience goal

The user should be able to create a Scanner profile from either the Profile Library or the On-demand scan initiation page and specify the profile name, the Spider timeout, and the Target timeout.

Proposal

Review the design: #217016

The user should be able to create a Scanner profile that contains:

Profile Name
Spider timeout
Target timeout

This profile should then be selectable in the On-demand scan page for the project. The ability to create a profile should be linked from both the Profile Library page and the On-demand scan page, so that the user doesn't have to use the left navigation to create a profile if they are already at either page.

Further details

Maintainer, owner, and developer roles should have access to create new Scanner profiles.

Documentation

The DAST config docs should be updated to include creating new Scanner profiles.

Designs

### Problem to solve

As a user, I want to be able to create a "Scanner profile" to use in my on-demand DAST scans, so that I can create multiple ways of scanning my sites within a single project.
### Intended users

<!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/

* [Cameron (Compliance Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#cameron-compliance-manager)
* [Parker (Product Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#parker-product-manager)
* [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead)
* [Presley (Product Designer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#presley-product-designer)
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer)
* [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)
* [Rachel (Release Manager)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#rachel-release-manager) 
* [Alex (Security Operations Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#alex-security-operations-engineer)
* [Simone (Software Engineer in Test)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#simone-software-engineer-in-test)
* [Allison (Application Ops)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#allison-application-ops) 
* [Priyanka (Platform Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#priyanka-platform-engineer)
* [Dana (Data Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#dana-data-analyst)
-->
* [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer)
* [Sam (Security Analyst)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sam-security-analyst)

### User experience goal

The user should be able to create a Scanner profile from either the Profile Library or the On-demand scan initiation page and specify the profile name, the Spider timeout, and the Target timeout.

### Proposal

Review the design: https://gitlab.com/gitlab-org/gitlab/-/issues/217016

The user should be able to create a Scanner profile that contains:
- Profile Name
- Spider timeout
- Target timeout

Maintainer, owner, and developer roles should have access to create new Scanner profiles.

### Documentation

The [DAST config docs](https://docs.gitlab.com/ee/user/application_security/dast/#configuration) should be updated to include creating new Scanner profiles.

### Designs

![scan_profile_iteration_1](/uploads/84e169bb0c2e62adf883c94b8b2eaebc/scan_profile_iteration_1.png)

Edited Jul 02, 2020 by Seth Berger

Discussion
Designs