Customers should be able to view the browser of a DAST scan as it is running

Proposal

To help diagnose scan errors, it should be possible for a customer to view what is happening in a browser when their web application is being scanned.

Reference

References customer issue #362637 (closed).

Constraints

  • The Docker image would likely need to be triggered directly; this could not be done from within GitLab
  • There would only be a maximum of one browser

Implementation suggestion

  • Run Chromium in a headful manner. This would require a windowing system.
  • Run VNC so that others can connect to it externally.
  • Require an environment variable to be set so that normally Chromium may continue to run headless.
Edited by Cameron Swords
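
An added example (not GitLab's DAST code) of a container entrypoint that follows the implementation suggestion above: Chromium stays headless by default, runs headful under a virtual display with VNC only when an opt-in variable is set, and VNC is refused without a password file. The variable names `DAST_BROWSER_VIEW` and `DAST_VNC_PASSWORD_FILE`, the `chromium` binary name and the choice of Xvfb and x11vnc are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical entrypoint for a scanner image.
# DAST_BROWSER_VIEW, DAST_VNC_PASSWORD_FILE and the "chromium" binary name are assumptions.

DISPLAY_NUM=":99"

# Headless unless the operator explicitly opts in with DAST_BROWSER_VIEW=true.
browser_mode() {
  case "${DAST_BROWSER_VIEW:-false}" in
    true|1) echo headful ;;
    *)      echo headless ;;
  esac
}

# Chromium flags for the selected mode.
chromium_args() {
  if [ "$(browser_mode)" = headful ]; then
    echo "--window-size=1280,1024"
  else
    echo "--headless --window-size=1280,1024"
  fi
}

# x11vnc flags. An unauthenticated VNC server would expose the scanned
# application's session to anyone who can reach the port, so a password
# file (created beforehand with `x11vnc -storepasswd`) is mandatory.
vnc_args() {
  [ -n "${DAST_VNC_PASSWORD_FILE:-}" ] || {
    echo "DAST_VNC_PASSWORD_FILE is required for browser viewing" >&2
    return 1
  }
  echo "-display $DISPLAY_NUM -rfbport 5900 -rfbauth $DAST_VNC_PASSWORD_FILE -forever"
}

main() {
  if [ "$(browser_mode)" = headful ]; then
    vnc=$(vnc_args) || exit 1
    Xvfb "$DISPLAY_NUM" -screen 0 1280x1024x24 &   # windowing system for headful Chromium
    export DISPLAY="$DISPLAY_NUM"
    sleep 1                                        # give the X server time to start
    x11vnc $vnc &                                  # unquoted on purpose: split into flags
  fi
  exec chromium $(chromium_args) "$@"
}

# Only launch when invoked as: entrypoint.sh run [chromium arguments]
if [ "${1:-}" = run ]; then shift; main "$@"; fi
```

Publishing the port with `-p 127.0.0.1:5900:5900` when starting the container keeps the VNC session reachable only from the Docker host.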