DAST configuration - update unvalidated site profile alert banner

Problem

When configuring a DAST scan, the alert banner that is displayed when trying to run an active scan against an unvalidated site profile does not link to the most relevant section of our documentation. Additionally, the alert could do a better job guiding users down the correct path instead of only linking out to documentation.

This issue has been deemed a blocker for DAST CMS for verifying "Viable" status.

Proposal

  1. The "Learn more about site validation" text on the alert banner should be updated to use the most relevant documentation URL: https://docs.gitlab.com/ee/user/application_security/dast/index.html#site-profile-validation
  2. Users should be given an entry point into the site validation workflow by adding an action button to the alert that links them to the DAST site profile management screen (-/security/configuration/dast_scans#site-profiles).
  3. Update the alert's description text to the following (changes are in italic):

You can either choose a passive scan or validate the target site from the site profile management page. Learn more about site validation