Frontend: API Security updates for DAST
Main Issue: #327070 (closed)
Why are we doing this work
In order to switch to DAST On-demand API scan, a few frontend changes need to be put in place.
This design issue details the changes.
Implementation Plan
This should affect all places rendering DAST Site Profile related information
Copy updates
- Change "Rest API" to "API"
- Change "Target URL" to "API Endpoint URL"
- Change "Excluded URLS" to "Excluded Paths"
New option - "Scan Method"
- Add a new GlDropdown component
  - with label "Scan method"
  - with description "Select which testing method to use"
  - add a documentation link to it
  - with options:
    - HTTP Archive (HAR)
    - OpenAPI
    - Postman collection
- Add corresponding input fields:
  - HAR file path or URL
  - OpenAPI Specification file path or URL
  - Postman collection file path or URL
- Reusing API fuzzing components (to be evaluated further)
  - Create a new component and make it reusable
  - or just reuse SCAN_MODES
Affected frontend components (for all the changes)
- DAST Site Profile Form
- DAST Profile Summary
- Corresponding specs
GraphQL changes
See #327070 (closed) for details
- Update dast_site_profiles.query.graphql
- Update dastSiteProfileCreate
- Update dastSiteProfileUpdate
Feature flag
- Put all the changes behind the dast_api_scanner feature flag
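As an added example (not GitLab's own code and not part of this issue), the plain JavaScript below models the three pieces this plan ties together: the "Scan Method" dropdown options with their matching input fields, the input object sent to the dastSiteProfileCreate / dastSiteProfileUpdate mutations, and gating of the new fields behind the dast_api_scanner flag. The SCAN_MODES values, the `scanMethod` and `scanFilePath` input fields, the `buildSiteProfileInput` helper, the `dastApiScannerEnabled` argument and the rule that a file reference must be an http(s) URL or a relative path without `..` segments are all assumptions made for illustration.

```javascript
// Added example, not GitLab's code. Field names, mode keys and the validation
// rule are assumptions; GitLab's real schema may differ.

// SCAN_MODES-style constant: the values the "Scan method" GlDropdown emits.
const SCAN_MODES = {
  HAR: 'HAR',
  OPENAPI: 'OPENAPI',
  POSTMAN_COLLECTION: 'POSTMAN_COLLECTION',
};

// Dropdown options (label shown in the dropdown) and the input field that the
// form reveals once that option is selected.
const SCAN_METHOD_OPTIONS = [
  { value: SCAN_MODES.HAR, text: 'HTTP Archive (HAR)', fieldLabel: 'HAR file path or URL' },
  { value: SCAN_MODES.OPENAPI, text: 'OpenAPI', fieldLabel: 'OpenAPI Specification file path or URL' },
  {
    value: SCAN_MODES.POSTMAN_COLLECTION,
    text: 'Postman collection',
    fieldLabel: 'Postman collection file path or URL',
  },
];

// Label of the input field that belongs to a scan method, or null if unknown.
function fieldLabelFor(scanMethod) {
  const option = SCAN_METHOD_OPTIONS.find((o) => o.value === scanMethod);
  return option ? option.fieldLabel : null;
}

// A scan file reference is either an http(s) URL or a repository-relative path.
// Other URL schemes (file:, ftp:, ...) and '..' path segments are rejected so the
// scanner is never pointed at an unintended resource. (Assumed rule.)
function isValidScanFilePath(value) {
  if (typeof value !== 'string' || value.trim() === '') return false;
  const v = value.trim();
  if (/^https?:\/\//i.test(v)) {
    try {
      new URL(v); // throws on a malformed URL
      return true;
    } catch {
      return false;
    }
  }
  if (/^[a-z][a-z0-9+.-]*:/i.test(v)) return false; // any other scheme
  if (v.split('/').some((segment) => segment === '..')) return false; // traversal
  return true;
}

// Build the `input` object for the site profile mutation from the form state.
// With the flag off, the legacy shape is sent and the new fields never leave the
// client; with it on, the new fields are validated before they are added.
function buildSiteProfileInput(form, { dastApiScannerEnabled }) {
  const input = {
    profileName: form.profileName,
    targetUrl: form.targetUrl, // rendered as "API Endpoint URL" after the copy update
    excludedUrls: form.excludedPaths, // rendered as "Excluded Paths"
  };
  if (!dastApiScannerEnabled) return input;

  if (!Object.values(SCAN_MODES).includes(form.scanMethod)) {
    throw new Error(`Unknown scan method: ${form.scanMethod}`);
  }
  if (!isValidScanFilePath(form.scanFilePath)) {
    throw new Error(`Invalid ${fieldLabelFor(form.scanMethod)}`);
  }
  return { ...input, scanMethod: form.scanMethod, scanFilePath: form.scanFilePath.trim() };
}

// Constructed sample form state, as the DAST Site Profile Form might hold it.
const sampleForm = {
  profileName: 'Payments API',
  targetUrl: 'https://api.example.test',
  excludedPaths: ['/health'],
  scanMethod: SCAN_MODES.OPENAPI,
  scanFilePath: 'spec/openapi.yaml',
};

module.exports = { SCAN_MODES, SCAN_METHOD_OPTIONS, fieldLabelFor, isValidScanFilePath, buildSiteProfileInput, sampleForm };
```

Keeping the flag check inside the input builder, rather than only hiding the dropdown in the template, means the summary view, the form and their specs all share one place where the new fields can appear, which is the point of reusing a SCAN_MODES-style constant across components.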
Edited by Dheeraj Joshi