Custom DAST Checks

Problem

Customers often ask about adding to our vulnerability checks. This is a capability that other DAST tools provide.

Proposal

Expose our YAML vulnerability check format to customers. This format allows the creation of simple checks using our YAML DSL syntax.

Implementation plan

MVC:

  • Location on disk to find YAML files (~/.gitlab/dast/checks/*.yml)
  • Load custom YAML (will this need a processing step?)
  • Document format (biggest lift here)
  • Provide examples
  • Testing

Follow on:

  • Way to test/debug checks from CLI without running a full DAST scan/pipeline