Merge branch 'djadmin-enable-dast-configuration-ui' into 'master'

Documentation and Enable DAST Configuration UI feature flag See merge request gitlab-org/gitlab!63849

Merge branch 'djadmin-enable-dast-configuration-ui' into 'master'
Documentation and Enable DAST Configuration UI feature flag See merge request gitlab-org/gitlab!63849
3ad37425 · Ezekiel Kigbo · bdc760e4 · 59e78b34 · 3ad37425 · 3ad37425
Commit 3ad37425 authored Jul 15, 2021 by Ezekiel Kigbo
3 changed files
--- a/doc/ci/yaml/index.md
+++ b/doc/ci/yaml/index.md
@@ -26,39 +26,40 @@ A job is defined as a list of keywords that define the job's behavior.

 The keywords available for jobs are:

-| Keyword                             | Description |
-| :-----------------------------------|:------------|
-| [`after_script`](#after_script)     | Override a set of commands that are executed after job. |
-| [`allow_failure`](#allow_failure)   | Allow job to fail. A failed job does not cause the pipeline to fail. |
-| [`artifacts`](#artifacts)           | List of files and directories to attach to a job on success. |
-| [`before_script`](#before_script)   | Override a set of commands that are executed before job. |
-| [`cache`](#cache)                   | List of files that should be cached between subsequent runs. |
-| [`coverage`](#coverage)             | Code coverage settings for a given job. |
-| [`dependencies`](#dependencies)     | Restrict which artifacts are passed to a specific job by providing a list of jobs to fetch artifacts from. |
-| [`environment`](#environment)       | Name of an environment to which the job deploys. |
-| [`except`](#only--except)           | Control when jobs are not created. |
-| [`extends`](#extends)               | Configuration entries that this job inherits from. |
-| [`image`](#image)                   | Use Docker images. |
-| [`include`](#include)               | Include external YAML files. |
-| [`inherit`](#inherit)               | Select which global defaults all jobs inherit. |
-| [`interruptible`](#interruptible)   | Defines if a job can be canceled when made redundant by a newer run. |
-| [`needs`](#needs)                   | Execute jobs earlier than the stage ordering. |
-| [`only`](#only--except)             | Control when jobs are created. |
-| [`pages`](#pages)                   | Upload the result of a job to use with GitLab Pages. |
-| [`parallel`](#parallel)             | How many instances of a job should be run in parallel. |
-| [`release`](#release)               | Instructs the runner to generate a [release](../../user/project/releases/index.md) object. |
-| [`resource_group`](#resource_group) | Limit job concurrency. |
-| [`retry`](#retry)                   | When and how many times a job can be auto-retried in case of a failure. |
-| [`rules`](#rules)                   | List of conditions to evaluate and determine selected attributes of a job, and whether or not it's created. |
-| [`script`](#script)                 | Shell script that is executed by a runner. |
-| [`secrets`](#secrets)               | The CI/CD secrets the job needs. |
-| [`services`](#services)             | Use Docker services images. |
-| [`stage`](#stage)                   | Defines a job stage. |
-| [`tags`](#tags)                     | List of tags that are used to select a runner. |
-| [`timeout`](#timeout)               | Define a custom job-level timeout that takes precedence over the project-wide setting. |
-| [`trigger`](#trigger)               | Defines a downstream pipeline trigger. |
-| [`variables`](#variables)           | Define job variables on a job level. |
-| [`when`](#when)                     | When to run job. |
+| Keyword                                     | Description |
+| :-------------------------------------------|:------------|
+| [`after_script`](#after_script)             | Override a set of commands that are executed after job. |
+| [`allow_failure`](#allow_failure)           | Allow job to fail. A failed job does not cause the pipeline to fail. |
+| [`artifacts`](#artifacts)                   | List of files and directories to attach to a job on success. |
+| [`before_script`](#before_script)           | Override a set of commands that are executed before job. |
+| [`cache`](#cache)                           | List of files that should be cached between subsequent runs. |
+| [`coverage`](#coverage)                     | Code coverage settings for a given job. |
+| [`dast_configuration`](#dast_configuration) | Use configuration from DAST profiles on a job level. |
+| [`dependencies`](#dependencies)             | Restrict which artifacts are passed to a specific job by providing a list of jobs to fetch artifacts from. |
+| [`environment`](#environment)               | Name of an environment to which the job deploys. |
+| [`except`](#only--except)                   | Control when jobs are not created. |
+| [`extends`](#extends)                       | Configuration entries that this job inherits from. |
+| [`image`](#image)                           | Use Docker images. |
+| [`include`](#include)                       | Include external YAML files. |
+| [`inherit`](#inherit)                       | Select which global defaults all jobs inherit. |
+| [`interruptible`](#interruptible)           | Defines if a job can be canceled when made redundant by a newer run. |
+| [`needs`](#needs)                           | Execute jobs earlier than the stage ordering. |
+| [`only`](#only--except)                     | Control when jobs are created. |
+| [`pages`](#pages)                           | Upload the result of a job to use with GitLab Pages. |
+| [`parallel`](#parallel)                     | How many instances of a job should be run in parallel. |
+| [`release`](#release)                       | Instructs the runner to generate a [release](../../user/project/releases/index.md) object. |
+| [`resource_group`](#resource_group)         | Limit job concurrency. |
+| [`retry`](#retry)                           | When and how many times a job can be auto-retried in case of a failure. |
+| [`rules`](#rules)                           | List of conditions to evaluate and determine selected attributes of a job, and whether or not it's created. |
+| [`script`](#script)                         | Shell script that is executed by a runner. |
+| [`secrets`](#secrets)                       | The CI/CD secrets the job needs. |
+| [`services`](#services)                     | Use Docker services images. |
+| [`stage`](#stage)                           | Defines a job stage. |
+| [`tags`](#tags)                             | List of tags that are used to select a runner. |
+| [`timeout`](#timeout)                       | Define a custom job-level timeout that takes precedence over the project-wide setting. |
+| [`trigger`](#trigger)                       | Defines a downstream pipeline trigger. |
+| [`variables`](#variables)                   | Define job variables on a job level. |
+| [`when`](#when)                             | When to run job. |

 ### Unavailable names for jobs

@@ -4502,6 +4503,50 @@ You can use [CI/CD variables](../variables/index.md) to configure how the runner
 You can also use variables to configure how many times a runner
 [attempts certain stages of job execution](../runners/configure_runners.md#job-stages-attempts).

+## `dast_configuration` **(ULTIMATE)**
+
+> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/5981) in GitLab 14.1.
+
+Use the `dast_configuration` keyword to specify a site profile and scanner profile to be used in a
+CI/CD configuration. Both profiles must first have been created in the project. The job's stage must
+be `dast`.
+
+**Keyword type**: Job keyword. You can use only as part of a job.
+
+**Possible inputs**: One each of `site_profile` and `scanner_profile`.
+
+- Use `site_profile` to specify the site profile to be used in the job.
+- Use `scanner_profile` to specify the scanner profile to be used in the job.
+
+**Example of `dast_configuration`**:
+
+```yaml
+stages:
+  - build
+  - dast
+
+include:
+  - template: DAST.gitlab-ci.yml
+
+dast:
+  dast_configuration:
+    site_profile: "Example Co"
+    scanner_profile: "Quick Passive Test"
+```
+
+In this example, the `dast` job extends the `dast` configuration added with the `include:` keyword
+to select a specific site profile and scanner profile.
+
+**Additional details**:
+
+- Settings contained in either a site profile or scanner profile take precedence over those
+  contained in the DAST template.
+
+**Related topics**:
+
+- [Site profile](../../user/application_security/dast/index.md#site-profile).
+- [Scanner profile](../../user/application_security/dast/index.md#scanner-profile).
+
 ## YAML-specific features

 In your `.gitlab-ci.yml` file, you can use YAML-specific features like anchors (`&`), aliases (`*`),

--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -145,6 +145,7 @@ To enable DAST to run automatically, either:
  by [Auto DevOps](../../../topics/autodevops/index.md)).
 - [Include the DAST template](#include-the-dast-template) in your existing
  `.gitlab-ci.yml` file.
+- [Configure DAST using the UI](#configure-dast-using-the-ui).

 ### DAST job order

@@ -265,6 +266,28 @@ image. Using the `DAST_VERSION` variable, you can choose how DAST updates:
 Find the latest DAST versions on the [Releases](https://gitlab.com/security-products/dast/-/releases)
 page.

+#### Configure DAST using the UI
+
+You can enable or configure DAST settings using the UI. The generated settings are formatted so they
+can be conveniently pasted into the `.gitlab-ci.yml` file.
+
+1. From the project's home page, go to **Security & Compliance > Configuration**.
+1. In the **Dynamic Application Security Testing (DAST)** section, select **Enable DAST** or
+   **Configure DAST**.
+1. Select the desired **Scanner profile**, or select **Create scanner profile** and save a
+   scanner profile. For more details, see [scanner profiles](#scanner-profile).
+1. Select the desired **Site profile**, or select **Create site profile** and save a site
+   profile. For more details, see [site profiles](#site-profile).
+1. Select **Generate code snippet**. A modal opens with the YAML snippet corresponding to the
+   options you selected.
+1. Do one of the following:
+   1. Select **Copy code only** to copy the snippet to your clipboard.
+   1. Select **Copy code and open `.gitlab-ci.yml` file** to copy the snippet to your clipboard. The
+   CI/CD Editor then opens.
+      1. Paste the snippet into the `.gitlab-ci.yml` file.
+      1. Select the **Lint** tab to confirm the edited `.gitlab-ci.yml` file is valid.
+      1. Select **Commit changes**.
+
 #### Crawling web applications dependent on JavaScript

 GitLab has released a new browser-based crawler, an add-on to DAST that uses a browser to crawl web applications for content. This crawler replaces the standard DAST Spider and Ajax Crawler, and uses the same authentication mechanisms as a normal DAST scan.

--- a/ee/config/feature_flags/development/dast_configuration_ui.yml
+++ b/ee/config/feature_flags/development/dast_configuration_ui.yml
@@ -2,7 +2,7 @@
 name: dast_configuration_ui
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62014
 rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/330728
-milestone: '14.0'
+milestone: '14.1'
 type: development
 group: group::dynamic analysis
-default_enabled: false
+default_enabled: true