author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-13 09:09:23 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-03-13 09:09:23 +0000 |
commit | 4cb5e5011abfe8d50ac3a7ebd0018c563c6d7af4 (patch) | |
tree | 82591df15758864325897043f855b4e4dfcb6a56 /doc/user/application_security/index.md | |
parent | 0301a0cad0063d76b1607358dc6c711ea043fdda (diff) | |
download | gitlab-ce-4cb5e5011abfe8d50ac3a7ebd0018c563c6d7af4.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user/application_security/index.md')
-rw-r--r-- | doc/user/application_security/index.md | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/user/application_security/index.md b/doc/user/application_security/index.md index 4382c69a9ac..da9cecf110c 100644 --- a/doc/user/application_security/index.md +++ b/doc/user/application_security/index.md @@ -13,6 +13,35 @@ information provided, you can immediately begin risk analysis and remediation. For an overview of application security with GitLab, see [Security Deep Dive](https://www.youtube.com/watch?v=k4vEJnGYy84). +## Quick start + +Get started quickly with Dependency Scanning, License Scanning, and Static Application Security +Testing (SAST) by adding the following to your `.gitlab-ci.yml`: + +```yaml +include: + - template: Dependency-Scanning.gitlab-ci.yml + - template: License-Scanning.gitlab-ci.yml + - template: SAST.gitlab-ci.yml +``` + +To add Dynamic Application Security Testing (DAST) scanning, add the following to your +`.gitlab-ci.yml` and replace `https://staging.example.com` with a staging server's web address: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +variables: + DAST_WEBSITE: https://staging.example.com +``` + +To ensure the DAST scanner runs *after* deploying the application to the staging server, review the [DAST full documentation](dast/index.md). + +To add Container Scanning, follow the steps listed in the [Container Scanning documentation](container_scanning/index.md#requirements). + +To further configure any of the other scanners, refer to each scanner's documentation. + ## Security scanning tools GitLab uses the following tools to scan and report known vulnerabilities found in your project. |
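Review bot: In the DAST step of the new "Quick start" section, the second snippet opens with its own top-level `include:` key, so a reader who pastes it below the first snippet ends up with two `include:` keys in the same `.gitlab-ci.yml`. State that `- template: DAST.gitlab-ci.yml` should be appended to the existing `include:` list, or show a single combined snippet. In the same section, the closing sentence "To further configure any of the other scanners, refer to each scanner's documentation." gives no links, while the DAST and Container Scanning sentences do; link each scanner's page there, or point at the "Security scanning tools" section that follows. The last three added paragraphs are also single long lines, while the first two are hard-wrapped; wrap them the same way for consistency.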