Disable On Demand DAST Scans in FIPS mode (!130744) · Merge requests · GitLab.org / GitLab

Arpit Gogia requested to merge 409061-disable-ods-fips into master Sep 01, 2023

What does this MR do and why?

Disable on demand scans when in FIPS mode

Add ::Gitlab::FIPS.enabled? to condition(:on_demand_scans_enabled)
404 when trying to access /<project>/-/on_demand_scans
Remove On-demand Scans from the sidebar Secure menu

Relevant Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/409061

Screenshots or screen recordings

How to set up and validate locally

For testing:

Hardcode ::Gitlab::FIPS.enabled? to true in lib/gitlab/fips.rb
Navigate to http://gdk.test:3000/root/dast-test/-/on_demand_scans to observe 404
Navigate to the project page and check "Secure" section of the sidebar to observe the missing on-demand scans option.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #409061

Edited Sep 04, 2023 by Arpit Gogia

Disable On Demand DAST Scans in FIPS mode

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports