DAST On-demand Scheduler - Implement Scheduling

related link(s)

implementation plan

Use "Extend DAST scan execution policy to support scheduled execution" as a guide.

model changes

  • create new model Dast::ProfileSchedule
    • id :: bigint
    • dast_profile_id :: bigint
    • user_id :: bigint (owner of the schedule)
    • next_run_at :: timestamp with time zone
    • cron :: text
  • add relevant model associations to dast_profile and dast_profile_schedule

worker

  • create a new worker AppSec::Dast::ProfileScheduleWorker
  • enumerate upcoming scheduled scans and create a dast scan using ::DastOnDemandScans::CreateService

settings

  • extend Settings.cron_jobs with newly created worker AppSec::Dast::ProfileScheduleWorker
  • extend ee/app/workers/all_queues.yml with newly created

gotchas

  • Ci::Pipeline needs a user to ensure the scan runs correctly, hence the necessity of the owner concept
Edited by Philip Cunningham
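
The worker tick and the owner gotcha described above, sketched as an added example (not GitLab's code): due schedules are selected by next_run_at, advanced from their cron value, and each scan is created as the schedule's owner. Assumptions: every name here is hypothetical, the cron parser is swapped for a stand-in that accepts only "M H * * *", and the run-time access check on the owner is an added safeguard the plan does not specify.

```ruby
# Hypothetical stand-in for the Dast::ProfileSchedule model (fields from the plan).
Schedule = Struct.new(:id, :dast_profile_id, :user_id, :next_run_at, :cron, keyword_init: true)

# Stand-in for a real cron parser: accepts only "M H * * *" (daily, UTC).
def next_daily_run(cron, after)
  m = /\A(\d{1,2}) (\d{1,2}) \* \* \*\z/.match(cron)
  raise ArgumentError, "unsupported cron: #{cron.inspect}" unless m
  minute, hour = m[1].to_i, m[2].to_i
  raise ArgumentError, "out of range: #{cron.inspect}" unless minute < 60 && hour < 24
  candidate = Time.utc(after.year, after.month, after.day, hour, minute)
  candidate += 86_400 while candidate <= after
  candidate
end

# One worker tick. can_run and create_scan are injected callables (assumptions):
# can_run re-checks the owner's access at run time, create_scan stands in for
# the scan-creation service and is always called with the owner's identity.
def run_due_schedules(schedules, now:, can_run:, create_scan:)
  schedules.select { |s| s.next_run_at <= now }.filter_map do |s|
    # Advance first so a denied or failing run is not retried on every tick.
    s.next_run_at = next_daily_run(s.cron, now)
    next unless can_run.call(s.user_id, s.dast_profile_id)
    create_scan.call(user_id: s.user_id, dast_profile_id: s.dast_profile_id)
    s.id
  end
end

# Constructed sample data: owner 2 has lost access; schedule 3 is not yet due.
def demo
  now = Time.utc(2021, 5, 10, 12, 0)
  schedules = [
    Schedule.new(id: 1, dast_profile_id: 10, user_id: 1, next_run_at: Time.utc(2021, 5, 10, 11, 0), cron: "0 11 * * *"),
    Schedule.new(id: 2, dast_profile_id: 20, user_id: 2, next_run_at: Time.utc(2021, 5, 10, 3, 30), cron: "30 3 * * *"),
    Schedule.new(id: 3, dast_profile_id: 30, user_id: 3, next_run_at: Time.utc(2021, 5, 10, 18, 0), cron: "0 18 * * *")
  ]
  access = { [1, 10] => true, [3, 30] => true }
  scans = []
  started = run_due_schedules(schedules, now: now,
                              can_run: ->(user, profile) { access.fetch([user, profile], false) },
                              create_scan: ->(**args) { scans << args })
  { started: started, scans: scans, next_runs: schedules.map(&:next_run_at) }
end
```

Schedule 2 is advanced to its next slot even though no scan is created, so an owner who has lost access does not cause the same schedule to be picked up on every tick.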