Merge branch 'docs/sast-dast-ee' into 'master'

Port the SAST DAST doc examples from EE to CE See merge request gitlab-org/gitlab-ee!4052

Merge branch 'docs/sast-dast-ee' into 'master'
Port the SAST DAST doc examples from EE to CE See merge request gitlab-org/gitlab-ee!4052
2c1ae826 · Marcia Ramos · b11f1ba1 · 33eef87b · 2c1ae826 · 2c1ae826
Commit 2c1ae826 authored Jan 15, 2018 by Marcia Ramos
Showing with 28 additions and 10 deletions

doc/ci/examples/README.md doc/ci/examples/README.md +1 -1

doc/topics/autodevops/index.md doc/topics/autodevops/index.md +20 -3

doc/user/project/merge_requests/dast.md doc/user/project/merge_requests/dast.md +7 -6

No files found.
--- a/doc/ci/examples/README.md
+++ b/doc/ci/examples/README.md
@@ -43,7 +43,7 @@ There's also a collection of repositories with [example projects](https://gitlab
 ### Static Application Security Testing (SAST)
- [Scan your code for vulnerabilities](sast.md)
+- **(EEU)** [Scan your code for vulnerabilities](sast.md)
 - [Scan your Docker images for vulnerabilities](sast_docker.md)
 ### Dynamic Application Security Testing (DAST)

--- a/doc/topics/autodevops/index.md
+++ b/doc/topics/autodevops/index.md
@@ -21,6 +21,7 @@ project in an easy and automatic way:
 1. [Auto Code Quality](#auto-code-quality)
 1. [Auto SAST (Static Application Security Testing)](#auto-sast)
 1. [Auto SAST for Docker images](#auto-sast-for-docker-images)
+1. [Auto DAST (Dynamic Application Security Testing)](#auto-dast)
 1. [Auto Browser Performance Testing](#auto-browser-performance-testing)
 1. [Auto Review Apps](#auto-review-apps)
 1. [Auto Deploy](#auto-deploy)
@@ -194,8 +195,10 @@ Auto Code Quality uses the open source
 [`codeclimate` image](https://hub.docker.com/r/codeclimate/codeclimate/) to run
 static analysis and other code checks on the current code. The report is
 created, and is uploaded as an artifact which you can later download and check
-out. In GitLab Enterprise Edition Starter, differences between the source and
+out.
-target branches are
+In GitLab Enterprise Edition Starter, differences between the source and
+target branches are also
 [shown in the merge request widget](../../user/project/merge_requests/code_quality_diff.md).
 ### Auto SAST
@@ -208,7 +211,8 @@ analysis on the current code and checks for potential security issues. Once the
 report is created, it's uploaded as an artifact which you can later download and
 check out.
-Any security warnings are also [shown in the merge request widget](../../user/project/merge_requests/sast.md).
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](../../user/project/merge_requests/sast.md).
 ### Auto SAST for Docker images
@@ -223,6 +227,19 @@ check out.
 In GitLab Enterprise Edition Ultimate, any security warnings are also
 [shown in the merge request widget](../../user/project/merge_requests/sast_docker.md).
+### Auto DAST
+> Introduced in [GitLab Enterprise Edition Ultimate][ee] 10.4.
+Dynamic Application Security Testing (DAST) uses the
+popular open source tool [OWASP ZAProxy](https://github.com/zaproxy/zaproxy)
+to perform an analysis on the current code and checks for potential security
+issues. Once the report is created, it's uploaded as an artifact which you can
+later download and check out.
+In GitLab Enterprise Edition Ultimate, any security warnings are also
+[shown in the merge request widget](../../user/project/merge_requests/dast.md).
 ### Auto Browser Performance Testing
 > Introduced in [GitLab Enterprise Edition Premium][ee] 10.4.

--- a/doc/user/project/merge_requests/dast.md
+++ b/doc/user/project/merge_requests/dast.md
@@ -11,25 +11,26 @@ by implicitly using [Auto DAST](../../../topics/autodevops/index.md#auto-dast)
 that is provided by [Auto DevOps](../../../topics/autodevops/index.md).
 Going a step further, GitLab can show the vulnerability list right in the merge
-request widget area:
+request widget area.
 ![DAST Widget](img/dast-all.png)
-By clicking on vlunerability you will be able to see details and url affected:
+By clicking on vulnerability you will be able to see the details and the URL(s)
+affected.
 ![DAST Widget Clicked](img/dast-single.png)
 ## Use cases
 It helps you automatically find security vulnerabilities in your web applications
-while you are developing and testing your applications
+while you are developing and testing your applications.
 ## How it works
 In order for the report to show in the merge request, you need to specify a
-`dast` job (exact name) that will analyze the running application and upload the resulting
+`dast` job (exact name) that will analyze the running application and upload the
-`gl-dast-report.json` file as an artifact. GitLab will then check this file and
+resulting `gl-dast-report.json` file (exact filename) as an artifact. GitLab
-show the information inside the merge request.
+will then check this file and show the information inside the merge request.
 This JSON file needs to be the only artifact file for the job. If you try
 to also include other files, it will break the vulnerability display in the