Add script for performing DAST site validation (!1) · Merge requests · GitLab.org / security-products / dast runner validation

Philip Cunningham requested to merge philipcunningham-move-dast-site-validation-to-runner-324990 into main May 18, 2021

What?

this merge request implements a new script that will run inside a docker container on a runner to validate dast sites for on-demand scans.

Why?

currently site validation takes place in a sidekiq job, which isn't always guaranteed to be on the same network as the target application. this prevents customers from performing active scans against targets that aren't accessible from their gitlab instance. moving validation to the runner allows these to be more easily brought into alignment.

Notes

license !2 (merged)
readme !3 (merged)
security checks !4 (merged)

Related Issue(s)

gitlab-org/gitlab#324990 (closed)

Related Merge Request(s)

gitlab-org/gitlab!61649 (merged)

Edited Jun 23, 2021 by Philip Cunningham

Admin message

Add script for performing DAST site validation

What?

Why?

Notes

Related Issue(s)

Related Merge Request(s)

Merge request reports