Backend: Pre scan verification

Backend implementation for the pre-scan verification:

Create new tables to store the pre-scan verification status:

  • dast_pre_scan_verifications
      • status: (Running, Complete, Complete with Errors, Failed)
      • dast_profile_id
      • ci_pipeline_id (cross-database foreign key)
      • created_at
      • updated_at

The valid attribute will be computed taking the delta between the updated_at of the dast_site_profile and the created_at of the dast_pre_scan_verification as suggested here.

We only need to keep the most recent pre-scan verification for each dast_profile in the database.

The success attribute will be computed by the dast_pre_scan_verification_step model. A verification step will be considered a success if the errors attribute is nil or empty.

  • Create a REST internal endpoint to receive the pre-scan results from the analyzers

POST /api/v4/internal/dast/pre_scan_verification/$PRE_SCAN_VERIFICATION_ID

payload

{
    "pipeline": {
        "id": "1234567",
        "errors": []
    },
    "connection": {
        "errors": []
    },
    "authentication": {
        "errors": [
            "Actionable error message"
        ]
    },
    "crawling": {
        "errors": []
    }
}
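As an added example (not code from the issue or from GitLab), the following Ruby shows how the payload above could be parsed into per-step results using the rule stated earlier (a step succeeds when its errors attribute is nil or empty), how an overall status could be derived, and how the valid attribute could be computed from the site profile's updated_at and the verification's created_at. The status mapping and the direction of the timestamp comparison are assumptions, since the issue lists the states but not the exact rule; the function names are hypothetical.

```ruby
require 'json'

# Constructed sample payload, shaped like the one shown in the issue.
SAMPLE_PAYLOAD = <<~PAYLOAD
  {
    "pipeline": { "id": "1234567", "errors": [] },
    "connection": { "errors": [] },
    "authentication": { "errors": ["Actionable error message"] },
    "crawling": { "errors": [] }
  }
PAYLOAD

STEP_NAMES = %w[pipeline connection authentication crawling].freeze

# A step is a success when its errors attribute is nil or empty.
def step_success?(step)
  errors = step['errors']
  errors.nil? || errors.empty?
end

# Parse the analyzer payload into { step_name => { success:, errors: } }.
# Assumption: every step must be reported; a missing step is recorded as a failure.
def parse_pre_scan_results(raw_json)
  data = JSON.parse(raw_json)
  STEP_NAMES.each_with_object({}) do |name, acc|
    step = data[name]
    if step.is_a?(Hash)
      acc[name] = { success: step_success?(step), errors: Array(step['errors']) }
    else
      acc[name] = { success: false, errors: ["step #{name} missing from payload"] }
    end
  end
end

# Assumed mapping: pipeline errors mean the run never started, so the whole
# verification is Failed; any other failing step gives Complete with Errors;
# no errors at all gives Complete.
def verification_status(results)
  return 'Failed' unless results['pipeline'][:success]
  return 'Complete' if results.values.all? { |r| r[:success] }

  'Complete with Errors'
end

# Assumption on the direction of the delta: the stored verification is only
# valid while the site profile has not been updated since it was created.
def verification_valid?(profile_updated_at:, verification_created_at:)
  verification_created_at >= profile_updated_at
end
```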

Update ee/app/services/app_sec/dast/scan_configs/build_service.rb#ci_configuration to use the new pre-scan verifications template for pre-scan verifications.

Update ee/app/services/app_sec/dast/scans/create_service.rb to create the pipeline with the additional validation variables (PRE_SCAN_VERIFICATION_ID), similar to what is done in ee/app/services/app_sec/dast/site_validations/runner_service.rb.

Edited by Marcos Rocha