Commit 0e9780f8 authored by Russell Dickenson

Merge branch 'initiate-on-demand-dast-scan-documentation-218686' into 'master'

Add documentation for on-demand DAST scans

See merge request gitlab-org/gitlab!35085
parents 1f17465f 1e9a5e1a
...@@ -599,6 +599,44 @@ security reports without requiring internet access. ...@@ -599,6 +599,44 @@ security reports without requiring internet access.
Alternatively, you can use the variable `SECURE_ANALYZERS_PREFIX` to override the base registry address of the `dast` image. Alternatively, you can use the variable `SECURE_ANALYZERS_PREFIX` to override the base registry address of the `dast` image.
## On-Demand Scans
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/218465) in GitLab 13.2.
> - It's deployed behind a feature flag, disabled by default.
> - It's disabled on GitLab.com.
> - It's able to be enabled or disabled per-project.
> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-on-demand-scans).
Passive DAST scans may be run on demand against a target website, outside the DevOps lifecycle. These scans will
always be associated with the default or `master` branch of your project and the results can be seen in the project dashboard.
![DAST On-Demand Scan](img/dast_on_demand_v13_2.png)
### Enable or disable On-Demand Scans
On-Demand Scans is under development and not ready for production use. It is
deployed behind a feature flag that is **disabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
can enable it for your instance. On-Demand Scans can be enabled or disabled per-project
To enable it:
```ruby
# Instance-wide
Feature.enable(:security_on_demand_scans_feature_flag)
# or by project
Feature.enable(:security_on_demand_scans_feature_flag, Project.find(<project id>))
```
To disable it:
```ruby
# Instance-wide
Feature.disable(:security_on_demand_scans_feature_flag)
# or by project
Feature.disable(:security_on_demand_scans_feature_flag, Project.find(<project id>))
```
## Reports ## Reports
The DAST tool outputs a report file in JSON format by default. However, this tool can also generate reports in The DAST tool outputs a report file in JSON format by default. However, this tool can also generate reports in
......
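Review bot: in the "Enable or disable On-Demand Scans" section, the sentence "On-Demand Scans can be enabled or disabled per-project" has no closing period before "To enable it:", and it repeats the per-project point already made in the introductory note list ("It's able to be enabled or disabled per-project"); suggest ending the sentence with a period and keeping the statement in one place only. In the intro paragraph, "the default or `master` branch" reads as two alternatives; "the default branch (typically `master`)" would state the intent more plainly. The two Ruby snippets are otherwise consistent with each other, and the `<project id>` placeholder follows the existing convention for feature-flag snippets in this doc.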