
Adherence check - Dynamic Application Security Testing (DAST)

Problem to solve

To adhere to regulatory standards and to provide evidence of compliance, I need to be able to generate a report for auditors detailing the last date/time each of my repositories was scanned by each security scanner. I would also use this data to act on projects that are out of compliance, bring them into compliance, and ensure that scanners are properly enabled and enforced to run.

Proposal

Add an adherence check for the "GitLab Standard" that checks that Dynamic Application Security Testing (DAST) is enabled on the project.

DAST can be enabled and configured per project. For more details, see https://docs.gitlab.com/ee/user/application_security/dast/on-demand_scan.html
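The report described under "Problem to solve" and the adherence check proposed above amount to the same computation: for each project, find the most recent completed run of each required scanner and flag projects where the scanner has never run or last ran too long ago. The script below is an added example, not GitLab's implementation of the adherence check; the scan records, project names, the 30-day window and the `REQUIRED_SCANNERS` tuple are all constructed assumptions, and in practice the records would come from the project's pipeline or security-report data rather than an inline list.

```python
"""Added example (not GitLab's code): build a last-scan-per-scanner report
from constructed scan records and flag projects that do not adhere to a
"DAST must have run within the allowed window" rule."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records: (project path, scanner, scan finished at, UTC).
SAMPLE_SCANS = [
    ("group/app-a", "dast", "2024-03-01T10:00:00Z"),
    ("group/app-a", "sast", "2024-03-02T09:30:00Z"),
    ("group/app-a", "dast", "2024-03-05T18:45:00Z"),
    ("group/app-b", "sast", "2024-02-20T08:00:00Z"),  # DAST has never run here
    ("group/app-c", "dast", "2024-01-10T12:00:00Z"),  # DAST ran, but too long ago
]

# Assumed policy: DAST is required and must have run within the last 30 days.
REQUIRED_SCANNERS = ("dast",)
MAX_AGE = timedelta(days=30)


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def last_scan_per_scanner(records):
    """Return {project: {scanner: latest scan datetime}} over all records."""
    latest = defaultdict(dict)
    for project, scanner, ts in records:
        when = parse_ts(ts)
        current = latest[project].get(scanner)
        if current is None or when > current:
            latest[project][scanner] = when
    return latest


def adherence_report(records, now, projects=None,
                     required=REQUIRED_SCANNERS, max_age=MAX_AGE):
    """Return rows (project, scanner, last_scan_iso_or_None, status).

    `projects` lets the caller pass the full set of projects in scope, so a
    project with no scan records at all is still reported as never_scanned.
    """
    latest = last_scan_per_scanner(records)
    in_scope = sorted(projects) if projects is not None else sorted(latest)
    rows = []
    for project in in_scope:
        for scanner in required:
            when = latest.get(project, {}).get(scanner)
            if when is None:
                rows.append((project, scanner, None, "never_scanned"))
            elif now - when > max_age:
                rows.append((project, scanner, when.isoformat(), "stale"))
            else:
                rows.append((project, scanner, when.isoformat(), "adherent"))
    return rows


def non_adherent_projects(rows):
    """Projects with at least one required scanner that is missing or stale."""
    return sorted({project for project, _, _, status in rows if status != "adherent"})


if __name__ == "__main__":
    # Constructed "now" so the example is reproducible offline.
    report = adherence_report(SAMPLE_SCANS, parse_ts("2024-03-10T00:00:00Z"))
    for row in report:
        print(*row, sep="\t")
    print("out of adherence:", non_adherent_projects(report))
```

Passing the full project list via `projects` matters for the audit use case: a project that has never produced any scan record would otherwise be silently absent from the report rather than flagged.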

Implementation plan

Edited by Nate Rosandich