The Dynamic Analysis group will be removing our proxy-based DAST product to unify our DAST offerings. Our proprietary Browser-based DAST offering will be the only one supported going forward. This has been a long effort building out the scanner and enabling all active and passive checks that ZAP previously provided to create a seamless transition for our customers. We will continue to develop on our offering, improving detection and performance for the scanner. ## Purpose This epic is a placeholder for identifying the scope required to remove our legacy proxy-based/ZAP based DAST offering. Once scope in this issue is complete, ZAP will able to be removed. Further work will be required to remove the DAST Python scripts because they are responsible for parsing configuration values, and waiting for the target to be ready before starting the scan. ## References - The issue https://gitlab.com/gitlab-org/gitlab/-/issues/345757+ shows the mapping between ZAP checks and DAST issues/checks, as well as showing the current completion progress. - Internal spreadsheet showing priority order of these issues. https://docs.google.com/spreadsheets/d/11pDJZRDWjPUG9MIcbFpK0DwZO2jxn6zmAQJFJRdYm6U/edit#gid=0