Add Authentication Options for DAST API On-Demand screens
Problem
The design for DAST API on-demand scans does not support the use of authentication. Depending on their use case, customers may need to pass in a username/password for basic authentication or use another authentication method.
While customers can put authentication values in the header fields, this is not good practice: sensitive information should be stored encrypted in the database or supplied through CI variables.
Proposal
- Update the "Excluded paths" and "Additional request headers" fields as follows:
  - Add documentation on the screen on how to use https://docs.gitlab.com/ee/user/application_security/dast_api/#token-doesnt-expire
  - Update the description text for both form fields
  - Move the current description text to the help text area (below the input)
- Add fields for inputting a username/password for basic authentication.
Implementation Details
Edited by Dheeraj Joshi