diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 12:10:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-04-06 12:10:44 +0000 |
commit | ba174c982f40d71a87fd511b091753807174f7e7 (patch) | |
tree | b89d55c715288f2c2f76724c1b7ff4a6ebf90154 /lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml | |
parent | eaea945e0355826c58c3dcf887496ea91064f85c (diff) | |
download | gitlab-ce-ba174c982f40d71a87fd511b091753807174f7e7.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml')
-rw-r--r-- | lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml | 20 |
1 files changed, 2 insertions, 18 deletions
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml index 020d1f323ee..10ef33e71d5 100644 --- a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml @@ -1,7 +1,7 @@ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/ # Configure the scanning tool through the environment variables. -# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings +# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables # How to set: https://docs.gitlab.com/ee/ci/yaml/#variables stages: @@ -19,26 +19,10 @@ dast: name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" variables: GIT_STRATEGY: none - # URL to scan: - # DAST_WEBSITE: https://example.com/ - # - # Time limit for target availability (scan is attempted even when timeout): - # DAST_TARGET_AVAILABILITY_TIMEOUT: 60 - # - # Set these variables to scan with an authenticated user: - # DAST_AUTH_URL: https://example.com/sign-in - # DAST_USERNAME: john.doe@example.com - # DAST_PASSWORD: john-doe-password - # DAST_USERNAME_FIELD: session[user] # the name of username field at the sign-in HTML form - # DAST_PASSWORD_FIELD: session[password] # the name of password field at the sign-in HTML form - # DAST_AUTH_EXCLUDE_URLS: http://example.com/sign-out,http://example.com/sign-out-2 # optional: URLs to skip during the authenticated scan; comma-separated, no spaces in between - # - # Perform ZAP Full Scan, which includes both passive and active scanning: - # DAST_FULL_SCAN_ENABLED: "true" allow_failure: true script: - export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)} - - /analyze -t $DAST_WEBSITE + - /analyze artifacts: reports: dast: gl-dast-report.json |