Extend support for DAST & SAST for Auto Deploy to ECS

Problem to solve

AutoDevOps users that use Kubernetes enjoy all the stages of auto devOps while AWS users do not enjoy the support of security scanning. As a user deploying to AWS I want to enjoy the entire AutoDevOps pipeline like a K8s user

Intended users

• Devon (DevOps Engineer)

User experience goal

Proposal

Make DAST & SAST work for non K8s targets

Further details

We recently added support to deploy to ECS using AutoDevops

• #218841 (closed)
• #39089 (closed)

SAST and DAST are currently not compatible with that in the AutoDevOps workflow.

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

~"devops::configure" & devopssecure

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Implementation

• SAST already works 🎉
• Change ecs update-task-definition to wait until the rolloutState is COMPLETED - cloud-deploy!49 (merged)
• Add function to ECS deploy image to get hostname of the deployed task - cloud-deploy!50 (merged)
• Update the review app jobs in ECS.gitlab-ci.yml to artifact environment_url.txt - !90265 (merged)
• Create ECS deploy/teardown jobs for dast-default environment - !90730 (merged)