Dynamic Analysis 17.0 deprecations, removals and breaking changes
Problem to solve
The next major release is always there too quickly; let's make sure we're prepared for %17.0!
Deprecation issues
- Deprecate `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` (#428112 - closed)
- Deprecation - Proxy-based DAST & BAS (#430966 - closed)
Removal issues
- Remove the ability to use a selector with no type (deprecated since 15.8)
Candidates to be discussed
- Stop publishing to gitlab-org/security-products... (#334928 - closed)
- Remove the "none provided" selector type for fields that are selectors. This defaults to id, name or css selector search. This makes scans slower and makes it harder to investigate problems with authenticated scans. Deprecated since 15.8. (see https://docs.gitlab.com/ee/user/application_security/dast/authentication.html#finding-an-elements-selector)
- Should we consolidate base images for Browserker/DAST?
- @erran Should we remove the separate container images used for BAS? It would require:
  - Merge Browserker changes.
  - Merge DAST changes.
  - Publish a new DAST+BAS image which lets users know using the separate image is no longer required.
  - Update the BAS CI/CD template to stop overriding the image name for the DAST job.
  - Remove the separate DAST+BAS images.
- Replace `DAST_BROWSER_` prefix with `DAST_` for configuration variables
- Review configuration variables to make sure they have a sensible name
Edited by Sara Meadzinger