author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-01 12:09:50 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-11-01 12:09:50 +0300 |
commit | 45ec210a8038cd3ade51bb29018c5805a3f6fae5 (patch) | |
tree | f61c72609596b3b146e7f84674f2d8320ecab835 /doc/user | |
parent | 50c3e720725fa9739587ff76c645331ecf9d95d6 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/application_security/container_scanning/index.md | 3 | ||||
-rw-r--r-- | doc/user/application_security/dast/proxy-based.md | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/doc/user/application_security/container_scanning/index.md b/doc/user/application_security/container_scanning/index.md index bfe3dcd9def..34699360228 100644 --- a/doc/user/application_security/container_scanning/index.md +++ b/doc/user/application_security/container_scanning/index.md @@ -22,8 +22,9 @@ vulnerabilities. By including an extra Container Scanning job in your pipeline t vulnerabilities and displays them in a merge request, you can use GitLab to audit your Docker-based apps. -<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> +- <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For an overview, see [Container Scanning](https://www.youtube.com/watch?v=C0jn2eN5MAs). +- <i class="fa fa-youtube-play youtube" aria-hidden="true"></i> For a video walkthrough, see [How to set up Container Scanning using GitLab](https://youtu.be/h__mcXpil_4?si=w_BVG68qnkL9x4l1). Container Scanning is often considered part of Software Composition Analysis (SCA). SCA can contain aspects of inspecting the items your code uses. These items typically include application and system diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md index ba64517570f..9e59ecc64d9 100644 --- a/doc/user/application_security/dast/proxy-based.md +++ b/doc/user/application_security/dast/proxy-based.md 
@@ -11,6 +11,9 @@ The DAST proxy-based analyzer can be added to your [GitLab CI/CD](../../../ci/in This helps you discover vulnerabilities in web applications that do not use JavaScript heavily. For applications that do, see the [DAST browser-based analyzer](browser_based.md). +<i class="fa fa-youtube-play youtube" aria-hidden="true"></i> +For a video walkthrough, see [How to set up Dynamic Application Security Testing (DAST) with GitLab](https://youtu.be/EiFE1QrUQfk?si=6rpgwgUpalw3ByiV). + WARNING: Do not run DAST scans against a production server. Not only can it perform *any* function that a user can, such as clicking buttons or submitting forms, but it may also trigger bugs, leading to modification or loss of production data. Only run DAST scans against a test server. |
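Review bot: In the `container_scanning/index.md` hunk, the added walkthrough link `https://youtu.be/h__mcXpil_4?si=w_BVG68qnkL9x4l1` carries an `si=` query parameter that the overview link next to it does not have, and it uses the short `youtu.be` host where the existing link uses `https://www.youtube.com/watch?v=`. The `si` value looks like a share identifier left over from copying the link, not something the docs page needs. Suggest dropping it and matching the existing link form, for example `https://www.youtube.com/watch?v=h__mcXpil_4`.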
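Review bot: In the `dast/proxy-based.md` hunk, the icon is added as a bare `+<i class="fa fa-youtube-play youtube" aria-hidden="true"></i>` line with the sentence on the next line, while the container scanning change in this same commit rewrites its icon lines as `- ` list items. Suggest choosing one presentation for video links across both pages, or stating in the commit message why a single link stays a plain paragraph. The link in this hunk also ends in `?si=6rpgwgUpalw3ByiV`, a query parameter the video URL does not need and that can be removed.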