Update DAST On-Demand Scan Template

Marcos Rocha requested to merge mc_rocha-change-dast-scan-template-327070 into master

What does this MR do and why?

This merge request addresses the following requirement of issue #327070 (closed):

As part of on-demand scans, users can run an API scan through a web interface. The On-demand process uses the OnDemand YAML file https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST-On-Demand-Scan.gitlab-ci.yml.

When the API Security (Peach DAST scanner) tool is ready to roll out as the default API scanner, the template above should be updated to use the API Security DAST scanner instead of the ZAP engine.

The new scanner tool is not ready yet.

We should use a Feature Flag and keep it disabled until the new scanner tool is ready to roll out.

Screenshots or screen recordings


How to set up and validate locally

  1. Enable the feature flag dast_api_scanner in the Rails console:

       rails c
       Feature.enable(:dast_api_scanner)

  2. Create a new DAST On-Demand scan

    • Choose a project
    • Go to Security & Compliance > On-demand Scans
    • Click on New DAST scan

  3. Create a new Site Profile, selecting REST API as the Site Type

  4. Create a new On-Demand DAST Scan using the site profile created in the previous step

  5. Click Save and run scan

[Screenshot: Screen_Shot_2021-11-15_at_2.04.10_PM]

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Craig Smith