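# To contribute improvements to CI/CD templates, please follow the Development guide at:
# https://docs.gitlab.com/ee/development/cicd/templates.html
# This specific template is located at:
# https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml

# To use this template, add the following to your .gitlab-ci.yml file:
#
# include:
#   template: DAST.latest.gitlab-ci.yml
#
# You also need to add a `dast` stage to your `stages:` configuration. A sample configuration for DAST:
#
# stages:
#   - build
#   - test
#   - deploy
#   - dast

# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/

# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/index.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables

variables:
  # Quoted so YAML keeps it a string; it is only used as the image tag below.
  DAST_VERSION: "2"
  # Setting this variable will affect all Security templates
  # (SAST, Dependency Scanning, ...)
  # It selects the registry the analyzer image is pulled from, so whoever can
  # override it decides which image this job executes. Point it only at a
  # registry or mirror you trust.
  SECURE_ANALYZERS_PREFIX: "registry.gitlab.com/gitlab-org/security-products/analyzers"

dast:
  stage: dast
  image:
    # The image is referenced by version tag, not by digest, so its content
    # can change between pipeline runs without any change to this file.
    name: "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
  variables:
    # The job does not fetch the repository; it works from CI/CD variables
    # and from files made available to the job by earlier jobs.
    GIT_STRATEGY: none
  # A failing scan does not fail the pipeline. If DAST is meant to gate
  # merges, check separately that gl-dast-report.json was actually produced.
  allow_failure: true
  script:
    # Use DAST_WEBSITE when it is set, otherwise fall back to the contents of
    # environment_url.txt (presumably written by an earlier deploy job;
    # confirm in your pipeline). The scan target is whatever this resolves to,
    # so that file must come from a trusted job. The expansion is quoted so
    # the value is not word-split or glob-expanded by shells that treat
    # `export` arguments as ordinary words.
    - export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"
    # Stop before scanning when neither a website nor an API specification
    # target has been configured.
    - if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi
    - /analyze
  artifacts:
    reports:
      dast: gl-dast-report.json
  rules:
    # Rules are evaluated in order and the first match wins, so the three
    # `when: never` entries must stay ahead of the entries that enable the job.
    # Explicit opt-out.
    - if: $DAST_DISABLED
      when: never
    # Opt-out for the default branch only.
    - if: $DAST_DISABLED_FOR_DEFAULT_BRANCH &&
          $CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME
      when: never
    # Outside the default branch, skip when REVIEW_DISABLED is set and no
    # explicit website or API specification target was given.
    - if: $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME &&
          $REVIEW_DISABLED && $DAST_WEBSITE == null &&
          $DAST_API_SPECIFICATION == null
      when: never
    # Branch pipelines with a Kubernetes integration or KUBECONFIG, on
    # instances whose GITLAB_FEATURES list contains `dast`.
    - if: $CI_COMMIT_BRANCH &&
          ($CI_KUBERNETES_ACTIVE || $KUBECONFIG) &&
          $GITLAB_FEATURES =~ /\bdast\b/
    # Branch pipelines with an explicit website target.
    - if: $CI_COMMIT_BRANCH &&
          $DAST_WEBSITE
    # Branch pipelines with an explicit API specification target.
    - if: $CI_COMMIT_BRANCH &&
          $DAST_API_SPECIFICATION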