
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'doc/user/application_security/dast/index.md')
-rw-r--r--doc/user/application_security/dast/index.md6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 4a6d3151437..f21e1312eef 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -1152,6 +1152,9 @@ To delete an on-demand scan:
## Site profile
+> - Scan method [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/345837) in GitLab 15.6.
+> - File URL [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/345837) in GitLab 15.6.
+
A site profile defines the attributes and configuration details of the deployed application,
website, or API to be scanned by DAST. A site profile can be referenced in `.gitlab-ci.yml` and
on-demand scans.
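Review bot: the two version-history bullets added at the top of the hunk link the same issue and the same milestone, so they read better as one entry, e.g. `> - Scan method and File URL [Enabled on GitLab.com and self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/345837) in GitLab 15.6.` Both lines also say "Enabled" without any "Introduced" entry before them, so the history does not tell the reader in which release the fields first appeared or whether a feature flag is still involved; add that entry or drop the "Enabled" wording in favour of "Introduced in GitLab 15.6".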
@@ -1172,6 +1175,9 @@ A site profile contains:
- **Password form field**: The name of password field at the sign-in HTML form.
- **Submit form field**: The `id` or `name` of the element that when selected submits the sign-in HTML form.
+- **Scan method**: A type of method to perform API testing. The supported methods are OpenAPI, Postman Collections, and HTTP Archive (HAR) documents.
+- **File URL**: The URL of the OpenAPI, Postman Collection, or HTTP Archive file.
+
When an API site type is selected, a [host override](#host-override) is used to ensure the API being scanned is on the same host as the target. This is done to reduce the risk of running an active scan against the wrong API.
When configured, request headers and password fields are encrypted using [`aes-256-gcm`](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) before being stored in the database.
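Review bot: the `Scan method` bullet, "A type of method to perform API testing", is awkward, and neither it nor `File URL` says that these two fields only apply when the site type is API, which the paragraph that follows ("When an API site type is selected, a host override is used...") implies but the list does not state. Suggest `- **Scan method**: The method used to test the API. Supported methods are OpenAPI specification, Postman Collection, and HTTP Archive (HAR) document. Applies only when the site type is API.` and `- **File URL**: The URL from which DAST fetches the OpenAPI, Postman Collection, or HAR file.` It would also help to extend the last sentence, which lists only request headers and password fields as encrypted at rest, to say how the new File URL is stored, since that URL may carry access tokens.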