# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml

# To use this template, add the following to your .gitlab-ci.yml file:
#
# include:
#   template: DAST.latest.gitlab-ci.yml
#
# You also need to add a `dast` stage to your `stages:` configuration. A sample configuration for DAST:
#
# stages:
#   - build
#   - test
#   - deploy
#   - dast

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/

# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
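# Pipeline-wide defaults consumed by the `dast` job's image reference.
variables:
  # Tag of the DAST analyzer image. Quoted so YAML loads it as a string
  # rather than an integer.
  # NOTE(review): presumably a moving major-version tag, so the image behind
  # it can change between pipeline runs -- confirm, and reference the image
  # by digest in `dast.image.name` if runs must be reproducible.
  DAST_VERSION: "2"
  # Setting this variable will affect all Security templates
  # (SAST, Dependency Scanning, ...)
  # It selects the registry path the analyzer images are pulled from, so an
  # override should point only at a registry or mirror the project trusts.
  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"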
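# DAST job: runs the analyzer image against a deployed target and publishes
# the result as a GitLab DAST report artifact.
dast:
  stage: dast
  image:
    # Pulled by tag from a prefix that CI/CD variables can override; both
    # $SECURE_ANALYZERS_PREFIX and $DAST_VERSION decide which image runs here.
    name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
  variables:
    # The job does not fetch the repository, so environment_url.txt (read in
    # `script`) has to reach the job some other way, presumably as an
    # artifact of an earlier deploy job -- confirm against the pipeline that
    # includes this template.
    GIT_STRATEGY: none
  # A non-zero exit from this job (including the missing-target check below)
  # is reported as a warning and does not fail the pipeline. Teams that want
  # DAST to gate a merge or release must override this in their own job.
  allow_failure: true
  script:
    # Scan target: an explicit DAST_WEBSITE wins; otherwise the URL is read
    # from environment_url.txt, so whatever wrote that file chooses the
    # target. The expansion is quoted so the value is assigned verbatim even
    # in shells that field-split the arguments of `export`.
    - export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"
    # Stop early when neither a website nor an API specification is set.
    - if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi
    # Entry point of the analyzer image.
    - /analyze
  artifacts:
    reports:
      # Registers the scanner output as the pipeline's DAST report.
      dast: gl-dast-report.json
  # Rules are evaluated top to bottom; the first match decides. The three
  # `when: never` rules are opt-outs, the last three opt the job in.
  rules:
    # Opt-out: DAST disabled entirely.
    - if: $DAST_DISABLED
      when: never
    # Opt-out: DAST disabled for the default branch only.
    - if: >-
        $DAST_DISABLED_FOR_DEFAULT_BRANCH &&
        $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME
      when: never
    # Opt-out: non-default branch with review apps disabled and no explicit
    # target, i.e. nothing the job could scan.
    - if: >-
        $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME &&
        $REVIEW_DISABLED && $DAST_WEBSITE == null &&
        $DAST_API_SPECIFICATION == null
      when: never
    # Opt-in: branch pipeline with an active Kubernetes integration or a
    # KUBECONFIG, on an instance whose feature list includes `dast`.
    - if: >-
        $CI_COMMIT_BRANCH &&
        ($CI_KUBERNETES_ACTIVE || $KUBECONFIG) &&
        $GITLAB_FEATURES =~ /\bdast\b/
    # Opt-in: branch pipeline with an explicit website target.
    - if: >-
        $CI_COMMIT_BRANCH &&
        $DAST_WEBSITE
    # Opt-in: branch pipeline with an explicit API specification.
    - if: >-
        $CI_COMMIT_BRANCH &&
        $DAST_API_SPECIFICATION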