Update DAST docs with new docker image location

1ddd548f · Craig Smith · Russell Dickenson · ba854e13 · 1ddd548f · 1ddd548f
Commit 1ddd548f authored Jul 13, 2021 by Craig Smith Committed by Russell Dickenson Jul 13, 2021
Showing with 7 additions and 7 deletions

doc/user/application_security/dast/index.md doc/user/application_security/dast/index.md +6 -6

doc/user/application_security/vulnerabilities/index.md doc/user/application_security/vulnerabilities/index.md +1 -1

No files found.
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -250,7 +250,7 @@ The results are saved as a
 [DAST report artifact](../../../ci/yaml/README.md#artifactsreportsdast)
 that you can later download and analyze. Due to implementation limitations, we
 always take the latest DAST artifact available. Behind the scenes, the
-[GitLab DAST Docker image](https://gitlab.com/gitlab-org/security-products/dast)
+[GitLab DAST Docker image](https://gitlab.com/security-products/dast)
 is used to run the tests on the specified URL and scan it for possible
 vulnerabilities.

@@ -262,7 +262,7 @@ image. Using the `DAST_VERSION` variable, you can choose how DAST updates:
 - Only update fixes by pinning to a minor version (such as `1.6`).
 - Prevent all updates by pinning to a specific version (such as `1.6.4`).

-Find the latest DAST versions on the [Releases](https://gitlab.com/gitlab-org/security-products/dast/-/releases)
+Find the latest DAST versions on the [Releases](https://gitlab.com/security-products/dast/-/releases)
 page.

 #### Crawling web applications dependent on JavaScript
@@ -523,7 +523,7 @@ DAST scan with both configured exits with an error.

 By default, several rules are disabled because they either take a long time to
 run or frequently generate false positives. The complete list of disabled rules
-can be found in [exclude_rules.yml](https://gitlab.com/gitlab-org/security-products/dast/-/blob/master/src/config/exclude_rules.yml).
+can be found in [exclude_rules.yml](https://gitlab.com/gitlab-org/security-products/dast/-/blob/main/src/config/exclude_rules.yml).

 ### Hide sensitive information

@@ -903,8 +903,8 @@ To use DAST in an offline environment, you need:

 - GitLab Runner with the [`docker` or `kubernetes` executor](#prerequisites).
 - Docker Container Registry with a locally available copy of the DAST
-  [container image](https://gitlab.com/gitlab-org/security-products/dast), found in the
-  [DAST container registry](https://gitlab.com/gitlab-org/security-products/dast/container_registry).
+  [container image](https://gitlab.com/security-products/dast), found in the
+  [DAST container registry](https://gitlab.com/security-products/dast/container_registry).

 Note that GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
 meaning the runner tries to pull Docker images from the GitLab container registry even if a local
@@ -917,7 +917,7 @@ enables the use of updated scanners in your CI/CD pipelines.

 For DAST, import the following default DAST analyzer image from `registry.gitlab.com` to your [local Docker container registry](../../packages/container_registry/index.md):

- `registry.gitlab.com/gitlab-org/security-products/dast:latest`
+- `registry.gitlab.com/security-products/dast:latest`

 The process for importing Docker images into a local offline Docker registry depends on
 **your network security policy**. Please consult your IT staff to find an accepted and approved

--- a/doc/user/application_security/vulnerabilities/index.md
+++ b/doc/user/application_security/vulnerabilities/index.md
@@ -164,7 +164,7 @@ The following vulnerability scanners and their databases are regularly updated:
 |:----------------------------------------------------------------|----------------------------------|
 | [Container Scanning](../container_scanning/index.md)            | A job runs on a daily basis to build new images with the latest vulnerability database updates from the upstream scanner. |
 | [Dependency Scanning](../dependency_scanning/index.md)          | Relies on `bundler-audit` (for Ruby gems), `retire.js` (for npm packages), and `gemnasium` (the GitLab tool for all libraries). Both `bundler-audit` and `retire.js` fetch their vulnerabilities data from GitHub repositories, so vulnerabilities added to `ruby-advisory-db` and `retire.js` are immediately available. The tools themselves are updated once per month if there's a new version. The [Gemnasium DB](https://gitlab.com/gitlab-org/security-products/gemnasium-db) is updated at least once a week. See our [current measurement of time from CVE being issued to our product being updated](https://about.gitlab.com/handbook/engineering/development/performance-indicators/#cve-issue-to-update). |
-| [Dynamic Application Security Testing (DAST)](../dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/master/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
+| [Dynamic Application Security Testing (DAST)](../dast/index.md) | The scanning engine is updated on a periodic basis. See the [version of the underlying tool `zaproxy`](https://gitlab.com/gitlab-org/security-products/dast/blob/main/Dockerfile#L1). The scanning rules are downloaded at scan runtime. |
 | [Static Application Security Testing (SAST)](../sast/index.md)  | Relies exclusively on [the tools GitLab wraps](../sast/index.md#supported-languages-and-frameworks). The underlying analyzers are updated at least once per month if a relevant update is available. The vulnerabilities database is updated by the upstream tools. |

 You do not have to update GitLab to benefit from the latest vulnerabilities definitions.