diff --git a/doc/ci/examples/code_climate.md b/doc/ci/examples/code_climate.md
index 64a759a9a99..92317c77427 100644
--- a/doc/ci/examples/code_climate.md
+++ b/doc/ci/examples/code_climate.md
@@ -9,11 +9,12 @@ Once you set up the Runner, add a new job to `.gitlab-ci.yml`, called `codequali
 
 ```yaml
 codequality:
-  image: docker:latest
+  image: docker:stable
   variables:
-    DOCKER_DRIVER: overlay
+    DOCKER_DRIVER: overlay2
+  allow_failure: true
   services:
-    - docker:dind
+    - docker:stable-dind
   script:
     - export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
     - docker run --env SOURCE_CODE="$PWD" --volume "$PWD":/code --volume /var/run/docker.sock:/var/run/docker.sock "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
diff --git a/doc/ci/examples/container_scanning.md b/doc/ci/examples/container_scanning.md
index 3437b63748a..c58efc7392a 100644
--- a/doc/ci/examples/container_scanning.md
+++ b/doc/ci/examples/container_scanning.md
@@ -11,7 +11,7 @@ called `sast:container`:
 
 ```yaml
 sast:container:
-  image: docker:latest
+  image: docker:stable
   variables:
     DOCKER_DRIVER: overlay2
     ## Define two new variables based on GitLab's CI/CD predefined variables
@@ -20,7 +20,7 @@ sast:container:
     CI_APPLICATION_TAG: $CI_COMMIT_SHA
   allow_failure: true
   services:
-    - docker:dind
+    - docker:stable-dind
   script:
     - docker run -d --name db arminc/clair-db:latest
     - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
diff --git a/doc/ci/examples/dast.md b/doc/ci/examples/dast.md
index 96de0f5ff5c..8df223ee560 100644
--- a/doc/ci/examples/dast.md
+++ b/doc/ci/examples/dast.md
@@ -14,9 +14,10 @@ called `dast`:
 
 ```yaml
 dast:
-  image: owasp/zap2docker-stable
+  image: registry.gitlab.com/gitlab-org/security-products/zaproxy
   variables:
     website: "https://example.com"
+  allow_failure: true
   script:
     - mkdir /zap/wrk/
     - /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
@@ -30,6 +31,28 @@ the tests on the URL defined in the `website` variable (change it to use your
 own) and finally write the results in the `gl-dast-report.json` file. You can
 then download and analyze the report artifact in JSON format.
 
+It's also possible to authenticate the user before performing DAST checks:
+
+```yaml
+dast:
+  image: registry.gitlab.com/gitlab-org/security-products/zaproxy
+  variables:
+    website: "https://example.com"
+    login_url: "https://example.com/sign-in"
+  allow_failure: true
+  script:
+    - mkdir /zap/wrk/
+    - /zap/zap-baseline.py -J gl-dast-report.json -t $website \
+        --auth-url $login_url \
+        --auth-username "john.doe@example.com" \
+        --auth-password "john-doe-password" || true
+    - cp /zap/wrk/gl-dast-report.json .
+  artifacts:
+    paths: [gl-dast-report.json]
+```
+See [zaproxy documentation](https://gitlab.com/gitlab-org/security-products/zaproxy)
+to learn more about authentication settings.
+
 TIP: **Tip:**
 Starting with [GitLab Ultimate][ee] 10.4, this information will
 be automatically extracted and shown right in the merge request widget. To do