Use DAST_API_EXCLUDE_URLS with DAST API on-demand scans (!89270) · Merge requests · GitLab.org / GitLab

Michael Eddington requested to merge 363422-fix-variable-prefix into master Jun 03, 2022

What does this MR do and why?

Updating the DAST on-demand code to use the correct variable DAST_API_EXCLUDE_URLS when performing an api scan. Recent changes to the DAST on-demand scan to support using API Security for DAST API scans did not use the correct variable prefix for EXCLUDE_URLS, always using DAST_ instead of DAST_API_.

Changes affect feature still behind feature flag that is not yet enabled.
No documentation changes needed.
Related to #363422 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jun 06, 2022 by Michael Eddington

Use DAST_API_EXCLUDE_URLS with DAST API on-demand scans

What does this MR do and why?

MR acceptance checklist

Merge request reports