gitlab-org--gitlab-foss/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/

# Configure the scanning tool through the environment variables.
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables

stages:
  - build
  - test
  - deploy
  - dast

variables:
  DAST_VERSION: 1

dast:
  stage: dast
  image:
    name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
  variables:
  # URL to scan:
  # DAST_WEBSITE: https://example.com/
  #
  # Time limit for target availability (scan is attempted even when timeout):
  # DAST_TARGET_AVAILABILITY_TIMEOUT: 60
  #
  # Set these variables to scan with an authenticated user:
  # DAST_AUTH_URL: https://example.com/sign-in
  # DAST_USERNAME: john.doe@example.com
  # DAST_PASSWORD: john-doe-password
  # DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form
  # DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form
  # DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional: URLs to skip during the authenticated scan; comma-separated, no spaces in between
  #
  # Perform ZAP Full Scan, which includes both passive and active scanning:
  # DAST_FULL_SCAN_ENABLED: "true"
  allow_failure: true
  script:
    - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
    - /analyze -t $DAST_WEBSITE
  artifacts:
    reports:
      dast: gl-dast-report.json
  only:
    refs:
      - branches
    variables:
      - $GITLAB_FEATURES =~ /\bdast\b/
  except:
    variables:
      - $DAST_DISABLED
      - $DAST_DISABLED_FOR_DEFAULT_BRANCH && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME
Make env vars consistent `DAST_TARGET_AVAILABILITY_TIMEOUT` already defaults to 60 in `analyze` 2019-05-21 00:06:47 +00:00			`# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/`
Use vendored templates for Sec Products Update Dependency Scanning and add other templates 2019-03-08 03:39:35 +00:00
			`# Configure the scanning tool through the environment variables.`
			`# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings`
			`# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables`

			`stages:`
			`- build`
			`- test`
			`- deploy`
			`- dast`

Add latest changes from gitlab-org/gitlab@master 2020-01-16 12:08:32 +00:00			`variables:`
			`DAST_VERSION: 1`

Use vendored templates for Sec Products Update Dependency Scanning and add other templates 2019-03-08 03:39:35 +00:00			`dast:`
Restore original Security/DAST.gitlab-ci.yml Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml. 2019-04-06 16:02:04 +00:00			`stage: dast`
Make env vars consistent `DAST_TARGET_AVAILABILITY_TIMEOUT` already defaults to 60 in `analyze` 2019-05-21 00:06:47 +00:00			`image:`
Add latest changes from gitlab-org/gitlab@master 2020-01-16 12:08:32 +00:00			`name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"`
Restore original Security/DAST.gitlab-ci.yml Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml. 2019-04-06 16:02:04 +00:00			`variables:`
Add yaml lint This commit adds CI job that validates all `*.yml` with `yamllint`. This commit fixes all offenses present in repository. 2019-06-05 16:31:35 +00:00			`# URL to scan:`
			`# DAST_WEBSITE: https://example.com/`
			`#`
			`# Time limit for target availability (scan is attempted even when timeout):`
			`# DAST_TARGET_AVAILABILITY_TIMEOUT: 60`
			`#`
			`# Set these variables to scan with an authenticated user:`
			`# DAST_AUTH_URL: https://example.com/sign-in`
			`# DAST_USERNAME: john.doe@example.com`
			`# DAST_PASSWORD: john-doe-password`
			`# DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form`
			`# DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form`
			`# DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional: URLs to skip during the authenticated scan; comma-separated, no spaces in between`
			`#`
			`# Perform ZAP Full Scan, which includes both passive and active scanning:`
			`# DAST_FULL_SCAN_ENABLED: "true"`
Restore original Security/DAST.gitlab-ci.yml Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml. 2019-04-06 16:02:04 +00:00			`allow_failure: true`
			`script:`
			`- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}`
Make env vars consistent `DAST_TARGET_AVAILABILITY_TIMEOUT` already defaults to 60 in `analyze` 2019-05-21 00:06:47 +00:00			`- /analyze -t $DAST_WEBSITE`
Restore original Security/DAST.gitlab-ci.yml Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml. 2019-04-06 16:02:04 +00:00			`artifacts:`
			`reports:`
			`dast: gl-dast-report.json`
Use vendored templates for Sec Products Update Dependency Scanning and add other templates 2019-03-08 03:39:35 +00:00			`only:`
			`refs:`
			`- branches`
Restore original Security/DAST.gitlab-ci.yml Reverts https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26520 for Security/DAST.gitlab-ci.yml. 2019-04-06 16:02:04 +00:00			`variables:`
			`- $GITLAB_FEATURES =~ /\bdast\b/`
Use vendored templates for Sec Products Update Dependency Scanning and add other templates 2019-03-08 03:39:35 +00:00			`except:`
			`variables:`
			`- $DAST_DISABLED`
Add latest changes from gitlab-org/gitlab@master 2019-10-18 06:07:02 +00:00			`- $DAST_DISABLED_FOR_DEFAULT_BRANCH && $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME`