diff options
-rw-r--r-- | lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml new file mode 100644 index 00000000000..f4e1c4d5c1f --- /dev/null +++ b/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml @@ -0,0 +1,57 @@ +# Read more about this feature here: https://docs.gitlab.com/ee/user/project/merge_requests/dast.html + +# Configure the scanning tool through the environment variables. +# List of the variables: https://gitlab.com/gitlab-org/security-products/dast#settings +# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables + +variables: + DAST_WEBSITE: http://example.com # Please edit to be your website to scan for vulnerabilities + +stages: + - dast + +dast: + stage: dast + image: docker:stable + variables: + DOCKER_DRIVER: overlay2 + allow_failure: true + services: + - docker:stable-dind + before_script: + - export DAST_VERSION=${SP_VERSION:-$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')} + - | + function dast_run() { + docker run \ + --env DAST_TARGET_AVAILABILITY_TIMEOUT \ + --volume "$PWD:/output" \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + -w /output \ + "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION" \ + /analyze -t $DAST_WEBSITE \ + "$@" + } + script: + - | + if [ -n "$DAST_AUTH_URL" ] + then + dast_run \ + --auth-url $DAST_AUTH_URL \ + --auth-username $DAST_USERNAME \ + --auth-password $DAST_PASSWORD \ + --auth-username-field $DAST_USERNAME_FIELD \ + --auth-password-field $DAST_PASSWORD_FIELD + else + dast_run + fi + artifacts: + reports: + dast: gl-dast-report.json + only: + refs: + - branches + variables: + - $GITLAB_FEATURES =~ /\bdast\b/ + except: + variables: + - $DAST_DISABLED |