author GitLab Bot <gitlab-bot@gitlab.com> 2021-08-19 09:08:42 +0000
committer GitLab Bot <gitlab-bot@gitlab.com> 2021-08-19 09:08:42 +0000
commit b76ae638462ab0f673e5915986070518dd3f9ad3
tree bdab0533383b52873be0ec0eb4d3c66598ff8b91 /doc/user/application_security/dast/dast_troubleshooting.md
parent 434373eabe7b4be9593d18a585fb763f1e5f1a6f
Add latest changes from gitlab-org/gitlab@14-2-stable-ee v14.2.0-rc42
Diffstat (limited to 'doc/user/application_security/dast/dast_troubleshooting.md')
-rw-r--r-- doc/user/application_security/dast/dast_troubleshooting.md | 26
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/dast_troubleshooting.md b/doc/user/application_security/dast/dast_troubleshooting.md
index 48b48392e65..725fab85789 100644
--- a/doc/user/application_security/dast/dast_troubleshooting.md
+++ b/doc/user/application_security/dast/dast_troubleshooting.md
@@ -11,6 +11,32 @@ The following troubleshooting scenarios have been collected from customer suppor
experience a problem not addressed here, or the information here does not fix your problem, create a
support ticket. For more details, see the [GitLab Support](https://about.gitlab.com/support/) page.
+## Debugging DAST jobs
+
+A DAST job has two executing processes:
+
+- The ZAP server.
+- A series of scripts that start, control and stop the ZAP server.
+
+Enable the `DAST_DEBUG` CI/CD variable to debug scripts. This can help when troubleshooting the job,
+and outputs statements indicating what percentage of the scan is complete.
+For details on using variables, see [Overriding the DAST template](index.md#customizing-the-dast-settings).
+
+Debug mode of the ZAP server can be enabled using the `DAST_ZAP_LOG_CONFIGURATION` variable.
+The following table outlines examples of values that can be set and the effect that they have on the output that is logged.
+Multiple values can be specified, separated by semicolons.
+
+For example, `log4j.logger.org.parosproxy.paros.network.HttpSender=DEBUG;log4j.logger.com.crawljax=DEBUG`.
+
+| Log configuration value | Effect |
+|-------------------------------------------------- | ----------------------------------------------------------------- |
+| `log4j.rootLogger=DEBUG` | Enable all debug logging statements. |
+| `log4j.logger.org.apache.commons.httpclient=DEBUG` | Log every HTTP request and response made by the ZAP server. |
+| `log4j.logger.org.zaproxy.zap.spider.SpiderController=DEBUG` | Log URLs found during the spider scan of the target. |
+| `log4j.logger.com.crawljax=DEBUG` | Enable Ajax Crawler debug logging statements. |
+| `log4j.logger.org.parosproxy.paros=DEBUG` | Enable ZAP server proxy debug logging statements. |
+| `log4j.logger.org.zaproxy.zap=DEBUG` | Enable debug logging statements of the general ZAP server code. |
+
## Running out of memory
By default, ZAProxy, which DAST relies on, is allocated memory that sums to 25%
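Review bot: The table rows for `log4j.rootLogger=DEBUG` and `log4j.logger.org.apache.commons.httpclient=DEBUG` say every HTTP request and response made by the ZAP server is logged, but the section gives no caution about what that output can contain. When the scanned target requires authentication, those requests and responses can carry login form values, session cookies and tokens, so the new section should say that these settings are for temporary troubleshooting, that the resulting output should be treated as sensitive, and that the variable should be unset once the problem is diagnosed. Two smaller documentation points in the same hunk: "Enable the `DAST_DEBUG` CI/CD variable" does not state which value to set, and the inline example uses `log4j.logger.org.parosproxy.paros.network.HttpSender=DEBUG`, which has no row in the table, while the sentence "The following table outlines examples" is separated from the table by that example. Consider stating the expected value for `DAST_DEBUG`, and either adding an `HttpSender` row or building the example from two values that the table already lists.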