2019-09-04 21:01:54 +05:30
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
2019-07-07 11:18:12 +05:30
# Configure the scanning tool through the environment variables.
2020-04-22 19:07:51 +05:30
# List of the variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
2019-07-07 11:18:12 +05:30
# How to set: https://docs.gitlab.com/ee/ci/yaml/#variables
stages :
- build
- test
- deploy
- dast
2020-03-13 15:44:24 +05:30
variables :
DAST_VERSION : 1
2020-05-24 23:13:21 +05:30
# Setting this variable will affect all Security templates
# (SAST, Dependency Scanning, ...)
SECURE_ANALYZERS_PREFIX : "registry.gitlab.com/gitlab-org/security-products/analyzers"
2020-03-13 15:44:24 +05:30
2019-07-07 11:18:12 +05:30
dast :
stage : dast
2019-09-04 21:01:54 +05:30
image :
2020-05-24 23:13:21 +05:30
name : "$SECURE_ANALYZERS_PREFIX/dast:$DAST_VERSION"
2019-07-07 11:18:12 +05:30
variables :
2020-04-08 14:13:33 +05:30
GIT_STRATEGY : none
2019-07-07 11:18:12 +05:30
allow_failure : true
script :
- export DAST_WEBSITE=${DAST_WEBSITE:-$(cat environment_url.txt)}
2020-04-22 19:07:51 +05:30
- if [ -z "$DAST_WEBSITE$DAST_API_SPECIFICATION" ]; then echo "Either DAST_WEBSITE or DAST_API_SPECIFICATION must be set. See https://docs.gitlab.com/ee/user/application_security/dast/#configuration for more details." && exit 1; fi
- /analyze
2019-07-07 11:18:12 +05:30
artifacts :
reports :
dast : gl-dast-report.json
2020-05-24 23:13:21 +05:30
rules :
- if : $DAST_DISABLED
when : never
- if : $DAST_DISABLED_FOR_DEFAULT_BRANCH &&
$CI_DEFAULT_BRANCH == $CI_COMMIT_REF_NAME
when : never
- if : $CI_DEFAULT_BRANCH != $CI_COMMIT_REF_NAME &&
$REVIEW_DISABLED && $DAST_WEBSITE == null &&
$DAST_API_SPECIFICATION == null
when : never
- if : $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdast\b/