Merge branch '10798-remove-dind-req-for-dast' into 'master'
Remove dind from dast template See merge request gitlab-org/gitlab-ce!28083
This commit is contained in:
commit
01a28eada1
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
title: Remove dind from DAST template
|
||||||
|
merge_request: 28083
|
||||||
|
author:
|
||||||
|
type: changed
|
|
@ -47,10 +47,7 @@ applications while you are developing and testing your applications.
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
To run a DAST job, you need GitLab Runner with the
|
To run a DAST job, you need GitLab Runner with the
|
||||||
[`docker`](https://docs.gitlab.com/runner/executors/docker.html#use-docker-in-docker-with-privileged-mode) or
|
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html).
|
||||||
[`kubernetes`](https://docs.gitlab.com/runner/install/kubernetes.html#running-privileged-containers-for-the-runners)
|
|
||||||
executor running in privileged mode. If you're using the shared Runners on GitLab.com,
|
|
||||||
this is enabled by default.
|
|
||||||
|
|
||||||
## Configuring DAST
|
## Configuring DAST
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# Read more about this feature here: https://docs.gitlab.com/ee/user/project/merge_requests/dast.html
|
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
|
||||||
|
|
||||||
# Configure the scanning tool through the environment variables.
|
# Configure the scanning tool through the environment variables.
|
||||||
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings
|
||||||
|
@ -12,46 +12,29 @@ stages:
|
||||||
|
|
||||||
dast:
|
dast:
|
||||||
stage: dast
|
stage: dast
|
||||||
image: docker:stable
|
image:
|
||||||
|
name: "registry.gitlab.com/gitlab-org/security-products/dast:$CI_SERVER_VERSION_MAJOR-$CI_SERVER_VERSION_MINOR-stable"
|
||||||
variables:
|
variables:
|
||||||
DOCKER_DRIVER: overlay2
|
# URL to scan:
|
||||||
|
# DAST_WEBSITE: https://example.com/
|
||||||
|
#
|
||||||
|
# Time limit for target availability (scan is attempted even when timeout):
|
||||||
|
# DAST_TARGET_AVAILABILITY_TIMEOUT: 60
|
||||||
|
#
|
||||||
|
# Set these variables to scan with an authenticated user:
|
||||||
|
# DAST_AUTH_URL: https://example.com/sign-in
|
||||||
|
# DAST_USERNAME: john.doe@example.com
|
||||||
|
# DAST_PASSWORD: john-doe-password
|
||||||
|
# DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form
|
||||||
|
# DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form
|
||||||
|
# DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional: URLs to skip during the authenticated scan; comma-separated, no spaces in between
|
||||||
|
#
|
||||||
|
# Perform ZAP Full Scan, which includes both passive and active scanning:
|
||||||
|
# DAST_FULL_SCAN_ENABLED: "true"
|
||||||
allow_failure: true
|
allow_failure: true
|
||||||
services:
|
|
||||||
- docker:stable-dind
|
|
||||||
script:
|
script:
|
||||||
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
|
||||||
- export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')}
|
- /analyze -t $DAST_WEBSITE
|
||||||
- |
|
|
||||||
if ! docker info &>/dev/null; then
|
|
||||||
if [ -z "$DOCKER_HOST" -a "$KUBERNETES_PORT" ]; then
|
|
||||||
export DOCKER_HOST='tcp://localhost:2375'
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
- |
|
|
||||||
function dast_run() {
|
|
||||||
docker run \
|
|
||||||
--env DAST_FULL_SCAN_ENABLED \
|
|
||||||
--env DAST_TARGET_AVAILABILITY_TIMEOUT \
|
|
||||||
--volume "$PWD:/output" \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
-w /output \
|
|
||||||
"registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \
|
|
||||||
/analyze -t $DAST_WEBSITE \
|
|
||||||
"$@"
|
|
||||||
}
|
|
||||||
- |
|
|
||||||
if [ -n "$DAST_AUTH_URL" ]
|
|
||||||
then
|
|
||||||
dast_run \
|
|
||||||
--auth-url $DAST_AUTH_URL \
|
|
||||||
--auth-username $DAST_USERNAME \
|
|
||||||
--auth-password $DAST_PASSWORD \
|
|
||||||
--auth-username-field $DAST_USERNAME_FIELD \
|
|
||||||
--auth-password-field $DAST_PASSWORD_FIELD \
|
|
||||||
--auth-exclude-urls $DAST_AUTH_EXCLUDE_URLS
|
|
||||||
else
|
|
||||||
dast_run
|
|
||||||
fi
|
|
||||||
artifacts:
|
artifacts:
|
||||||
reports:
|
reports:
|
||||||
dast: gl-dast-report.json
|
dast: gl-dast-report.json
|
||||||
|
|
Loading…
Reference in New Issue