Merge branch 'sethgitlab-dast-documentation' into 'master'

Updated DAST documentation to include link to JSON report samples See merge request gitlab-org/gitlab!21769

Merge branch 'sethgitlab-dast-documentation' into 'master'
Updated DAST documentation to include link to JSON report samples See merge request gitlab-org/gitlab!21769
18f3bc53 · Achilleas Pipinellis · d35fd24e · 407225c9 · 18f3bc53
Commit 18f3bc53 authored Dec 19, 2019 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +9 -0

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -312,6 +312,15 @@ variable value.
 | `DAST_FULL_SCAN_ENABLED` | no | Switches the tool to execute [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan) instead of [ZAP Baseline Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan). Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. |
 | `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` | no | Requires [domain validation](#domain-validation) when running DAST full scans. Boolean. `true`, `True`, or `1` are considered as true value, otherwise false. Defaults to `false`. |

+## Reports JSON format
+
+CAUTION: **Caution:**
+The JSON report artifacts are not a public API of DAST and their format may change in the future.
+
+The DAST tool emits a JSON report report file. Sample report files can be found in the [DAST repository](https://gitlab.com/gitlab-org/security-products/dast/tree/master/test/end-to-end/expect).
+
+There are two formats of data in the JSON document that are used side by side: the proprietary ZAP format which will be eventually deprecated, and a "common" format which will be the default in the future.
+
 ## Security Dashboard

 The Security Dashboard is a good place to get an overview of all the security