include:
  - template: DAST-API.gitlab-ci.yml

dast_api:
  needs: ["review-deploy"]
  # Uncomment resource_group if DAST_API_PROFILE is changed to an active scan
  # resource_group: dast_api_scan
  rules:
    - when: never

dast_api_graphql:
  extends: dast_api
  variables:
    DAST_API_GRAPHQL: /api/graphql
    DAST_API_PROFILE: Passive
    DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
    DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
  rules:
    - !reference [".reports:rules:schedule-dast", rules]
    #
    # To run this job in an MR pipeline, use this rule:
    # - !reference [".reports:rules:test-dast", rules]

dast_api_rest:
  extends: dast_api
  variables:
    DAST_API_OPENAPI: doc/api/openapi/openapi_v2.yaml
    DAST_API_PROFILE: Passive
    DAST_API_TARGET_URL: ${CI_ENVIRONMENT_URL}
    DAST_API_OVERRIDES_ENV: "{\"headers\":{\"Authorization\":\"Bearer $REVIEW_APPS_ROOT_TOKEN\"}}"
  rules:
    - !reference [".reports:rules:schedule-dast", rules]
    #
    # To run this job in an MR pipeline, use this rule:
    # - !reference [".reports:rules:test-dast", rules]