author Avielle Wolfe <awolfe@gitlab.com> 2019-09-12 18:45:23 -0400
committer Avielle Wolfe <awolfe@gitlab.com> 2019-09-12 18:47:05 -0400
commit dc920b4873098f2de8f3ee489c87178674caec24
tree 7d2de00a22d29bdc469d474cba2caab977825bda
parent d10e7245793f934a73fd3b4394461ca951ba0f90
branch add-docs-for-dast-domain-validation

Add example using template
Since this is what a lot of folks will be doing
-rw-r--r-- doc/user/application_security/dast/index.md 9
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index f93e0c3c9d2..74a7ea3d0ec 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -136,6 +136,15 @@ variables:
Domain validation is not required by default. It can be required by setting the [environment variable](#available-variables) `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` to true.
+```yaml
+include:
+ template: DAST.gitlab-ci.yml
+
+variables:
+ DAST_FULL_SCAN_ENABLED: "true"
+ DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED: "true"
+```
+
Since ZAP full scan actively attacks the target application, DAST sends a ping to the target (normally defined in `DAST_WEBSITE` or `environment_url.txt`) beforehand.
If `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` is false or unset, the scan will _proceed_ unless the response to the ping
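Review bot: The added YAML block has no lead-in sentence, and it also sets `DAST_FULL_SCAN_ENABLED: "true"`, which the preceding sentence about `DAST_FULL_SCAN_DOMAIN_VALIDATION_REQUIRED` does not mention. A reader arriving at the fence cannot tell whether both variables are needed for domain validation or whether the first one is only there to turn full scan on. Suggest introducing the block with one line, for example "To enable a full scan with domain validation when using the `DAST.gitlab-ci.yml` template:". Placement is a second point: the block now sits between the sentence that names the variable and the paragraph explaining the ping sent to `DAST_WEBSITE` or `environment_url.txt`, so the example appears before the docs say what requiring validation changes. Consider moving it below the paragraph that describes the behaviour when the variable is false or unset. The hunk header also shows an earlier `variables:` block in the same section, so it is worth stating that these two keys belong in the job's existing `variables:` map rather than in a second top-level one.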