Use runner for DAST Site Validation

What does this MR do?

This merge request adds the ability to validate a DAST site for active scans using the runner rather than using a Sidekiq worker. The rationale behind this is that we wanted to give customers the ability to validate sites that may be inaccessible from their GitLab instance but accessible from their runners. It may be enabled with the feature flag dast_runner_site_validation.


This feature will have accompanying documentation in the merge request that enables the feature flag by default.

Related Issue(s)

Manual QA


You'll see that the job runs the container script correctly but it fails. This is because there's a bug in the API that's fixed in this merge request.



Happy Path


Sad Path


Does this MR meet the acceptance criteria?


Availability and Testing


Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Philip Cunningham