
DAST Saved Scans - On-demand scans form - Add fields

Paul Gascou-Vaillancourt requested to merge 295241-saved-scans-fields into master

What does this MR do?

This adjusts the On-demand scans form to match saved scans requirements:

  • Added a name field.
  • Added a description field.
  • The Run scan button has been renamed to Save and run scan.
  • A new Save scan button has been added.

Those changes are feature-flagged and are currently non-functional while the backend is being worked on.

How to test this?

  1. Enable the feature flag:
echo "Feature.enable(:dast_saved_scans)" | rails c
  2. Mock the API by applying the following patch:
diff --git a/ee/app/assets/javascripts/on_demand_scans/graphql/dast_scan_create.mutation.graphql b/ee/app/assets/javascripts/on_demand_scans/graphql/dast_scan_create.mutation.graphql
index f7c664d275a..8d50dcdb55c 100644
--- a/ee/app/assets/javascripts/on_demand_scans/graphql/dast_scan_create.mutation.graphql
+++ b/ee/app/assets/javascripts/on_demand_scans/graphql/dast_scan_create.mutation.graphql
@@ -15,7 +15,7 @@ mutation dastScanCreate(
       dastScannerProfileID: $dastScannerProfileID
       runAfterCreate: $runAfterCreate
-  ) {
+  ) @client {
     dastScan {
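Review bot: On the `) @client {` line, the directive makes the whole dastScanCreate mutation resolve from local resolvers, so no request reaches the backend; keep this strictly as a local testing patch and make sure it is not committed with the MR. The hunk also shows only four lines on each side while its header `@@ -15,7 +15,7 @@` declares seven, so restore the dropped context lines or the patch will not apply as pasted.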
diff --git a/ee/app/assets/javascripts/on_demand_scans/graphql/provider.js b/ee/app/assets/javascripts/on_demand_scans/graphql/provider.js
index ef96b443da8..15727d089c5 100644
--- a/ee/app/assets/javascripts/on_demand_scans/graphql/provider.js
+++ b/ee/app/assets/javascripts/on_demand_scans/graphql/provider.js
@@ -4,6 +4,20 @@ import createDefaultClient from '~/lib/graphql';
+const resolvers = {
+  Mutation: {
+    dastScanCreate: () => {
+      return {
+        dastScan: {
+          editPath: '/your/scan/edit/page',
+        },
+        pipelineUrl: '/your/dast/pipeline',
+        errors: [],
+      };
+    },
+  },
 export default new VueApollo({
-  defaultClient: createDefaultClient(),
+  defaultClient: createDefaultClient(resolvers),
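Review bot: The object opened at `const resolvers = {` is never closed: after the `},` that ends `Mutation`, the hunk goes straight to `export default new VueApollo({`, and fewer lines are shown than the `@@ -4,6 +4,20 @@` header declares, so the patch is not valid JavaScript and will not apply as pasted. Add the closing `};` and the missing context lines before the export. The mock also always returns `errors: []`, so only the success redirects are exercised; a second variant returning a non-empty `errors` array would let testers check how the form reports a failed save.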
  3. Browse to the new DAST scan page at /:namespace/:project/-/on_demand_scans/new.
  4. Fill in the form and click on Save and run scan; you should be redirected to /your/dast/pipeline (path mocked in the patch above).
  5. Go back to the form, fill it in again and click on Save scan; you should be redirected to /your/scan/edit/page (also mocked in the patch).


Does this MR meet the acceptance criteria?


Availability and Testing


If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #295241 (closed)

Edited by Paul Gascou-Vaillancourt
