Dynamic Analysis - 13.8 planning issue

🔒 Secure, Dynamic Analysis - Kickoff Videos

Assess your applications and services by scanning your running application for vulnerabilities and weaknesses.

Labels: devops::secure, group::dynamic analysis

| Feature | Issue | Priority |
|---|---|---|
| Browserker | https://gitlab.com/gitlab-org/security-products/analyzers/browserker/-/issues/1 | milestone::p1 |
| On-demand site validation | Epic | milestone::p2 |
| Site profile - remaining options | Epic | milestone::p3 |
| Aggregate noisy DAST vulnerabilities into a single vulnerability | #254043 (closed) | milestone::p3 |
| Peach API Security | &4254 (closed) | milestone::p4 |

Themes

Browserker

On-demand DAST updates

  • Site validation
  • Site profile - remaining options

Deduplication

In-progress designs

  • On-demand DAST scheduler
  • DAST configuration UI

Release Post Candidates

  • Add DAST.latest.gitlab-ci.yml template
  • Site validation for on-demand scans
  • Site profile updates - authentication, exclude URLs, additional headers
  • Active Scan mode in On-demand DAST Scanner Profile
  • Aggregate identical DAST vulnerabilities into a single vulnerability

Deprecation release posts

  • Remove legacy DAST domain validation
  • Removal of legacy fields from DAST report
  • DAST environment variable renaming and removal
  • Remove DAST default template stages
  • Remove DAST spider reset to host root

Checklist

  • Issues all have backend, frontend or UX label
  • Issues all have weights
Edited Jan 12, 2021 by Derek Ferguson