Skip to content

G
gitlab-ce
Commit 6937ae58 authored by Russell Dickenson's avatar Russell Dickenson Committed by Evan Read
Browse files
Options

Move DAST job order topic

parent 2f5a0d41
Show whitespace changes
Inline Side-by-side
Showing with 30 additions and 24 deletions
doc/user/application_security/dast/index.md
View file @ 6937ae58
...@@ -54,28 +54,6 @@ results. On failure, the analyzer outputs an ...@@ -54,28 +54,6 @@ results. On failure, the analyzer outputs an
[`docker` executor](https://docs.gitlab.com/runner/executors/docker.html). [`docker` executor](https://docs.gitlab.com/runner/executors/docker.html).
- Target application deployed. For more details, read [Deployment options](#deployment-options). - Target application deployed. For more details, read [Deployment options](#deployment-options).
### DAST job order
When using the `DAST.gitlab-ci.yml` template, the `dast` stage is run last as shown in
the example below. To ensure DAST scans the latest code, deploy your application
in a stage before the `dast` stage.
```yaml
stages:
- build
- test
- deploy
- dast
```
Be aware that if your pipeline is configured to deploy to the same webserver in
each run, running a pipeline while another is still running could cause a race condition
where one pipeline overwrites the code from another pipeline. The site to be scanned
should be excluded from changes for the duration of a DAST scan.
The only changes to the site should be from the DAST scanner. Be aware that any
changes that users, scheduled tasks, database changes, code changes, other pipelines, or other scanners make to
the site during a scan could lead to inaccurate results.
### Deployment options ### Deployment options
Depending on the complexity of the target application, there are a few options as to how to deploy and configure Depending on the complexity of the target application, there are a few options as to how to deploy and configure
...@@ -143,6 +121,34 @@ services: # use services to link the container to the dast job ...@@ -143,6 +121,34 @@ services: # use services to link the container to the dast job
alias: yourapp alias: yourapp
``` ```
### DAST job order
When using the `DAST.gitlab-ci.yml` template, the `dast` stage is run last as shown in
the example below. To ensure DAST scans the latest code, deploy your application
in a stage before the `dast` stage.
```yaml
stages:
- build
- test
- deploy
- dast
```
Take care if your pipeline is configured to deploy to the same web server in each run. Running a
pipeline while another is still running could result in one pipeline overwriting the code from
another pipeline. The site to be scanned should be excluded from changes for the duration of a DAST
scan. The only changes to the site should be from the DAST scanner.
Changes to the site during a scan from any of the following could lead to inaccurate results:
- Users.
- Scheduled tasks.
- Database changes.
- Code changes.
- Other pipelines.
- Other scanners.
## DAST run options ## DAST run options
You can use DAST to examine your web application: You can use DAST to examine your web application:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7