Disable On Demand DAST Scans in FIPS mode
What does this MR do and why?
Disable on demand scans when in FIPS mode
- Add ::Gitlab::FIPS.enabled? to condition(:on_demand_scans_enabled)
- 404 when trying to access /<project>/-/on_demand_scans
- Remove On-demand Scans from the sidebar Secure menu
Relevant Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/409061
Screenshots or screen recordings
How to set up and validate locally
For testing:
- Hardcode ::Gitlab::FIPS.enabled? to true in lib/gitlab/fips.rb
- Navigate to http://gdk.test:3000/root/dast-test/-/on_demand_scans to observe 404
- Navigate to the project page and check "Secure" section of the sidebar to observe the missing on-demand scans option.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #409061
Edited by Arpit Gogia