From 5c521d1f9b1e389e2f9b2b5fccf3798159a10f8d Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Fri, 18 Oct 2019 15:06:05 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 doc/user/application_security/dast/index.md | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'doc/user/application_security/dast')

diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index e90f219337b..951c4b9dd73 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -81,8 +81,15 @@ variables:
 
 There are two ways to define the URL to be scanned by DAST:
 
-- Set the `DAST_WEBSITE` [variable](../../../ci/yaml/README.md#variables).
-- Add it in an `environment_url.txt` file at the root of your project.
+1. Set the `DAST_WEBSITE` [variable](../../../ci/yaml/README.md#variables).
+
+1. Add it in an `environment_url.txt` file at the root of your project.
+    This is great for testing in dynamic environments. In order to run DAST against
+    an app that is dynamically created during a Gitlab CI pipeline, have the app
+    persist its domain in an `environment_url.txt` file, and DAST will
+    automatically parse that file to find its scan target.
+    You can see an [example](https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml)
+    of this in our Auto DevOps CI YML.
 
 If both values are set, the `DAST_WEBSITE` value will take precedence.
 
-- 
cgit v1.2.1