It can be very useful combined with Review Apps.
All you need is a GitLab Runner with the Docker executor (the shared Runners on GitLab.com will work fine). You can then add a new job to your CI/CD configuration:
```yaml
dast:
  image: owasp/zap2docker-stable
  variables:
    website: "https://example.com"
  script:
    # ZAP writes its output under /zap/wrk, so the directory must exist
    - mkdir /zap/wrk/
    # `|| true` keeps the job green even when the scan reports findings
    - /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
    - cp /zap/wrk/gl-dast-report.json .
  artifacts:
    paths: [gl-dast-report.json]
```
The above example creates a `dast` job in your CI/CD pipeline which runs the tests against the URL defined in the `website` variable (change it to use your own) and writes the results to the `gl-dast-report.json` file. You can then download and analyze the report artifact in JSON format.

The job name must be `dast` and the artifact path must be `gl-dast-report.json`. Learn more about DAST results shown in merge requests.
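Because the job above ends `zap-baseline.py` with `|| true`, the pipeline stays green regardless of what the scan finds. The following script, added here as an example and not part of the GitLab docs or of ZAP, reads the `gl-dast-report.json` artifact, tallies alerts by risk level, and returns a pass/fail decision you could run in a later stage. The sample report is constructed; its layout (`site` -> `alerts` -> `riskcode`/`instances`) is my assumption about the JSON that `zap-baseline.py -J` writes.

```python
"""Summarise a ZAP baseline JSON report and decide whether to gate a pipeline.

Added example; the SAMPLE_REPORT below is constructed, and its structure is an
assumption about the report format produced by zap-baseline.py -J.
"""
import json
from collections import Counter

# ZAP risk codes appear as strings in the JSON: 0 info, 1 low, 2 medium, 3 high.
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}
RISK_ORDER = ["Informational", "Low", "Medium", "High"]

# Constructed stand-in for the gl-dast-report.json artifact.
SAMPLE_REPORT = json.dumps({
    "@version": "2.7.0",
    "site": [{
        "@name": "https://example.com",
        "alerts": [
            {"alert": "X-Frame-Options Header Not Set", "riskcode": "2",
             "confidence": "2", "instances": [{"uri": "https://example.com/"}]},
            {"alert": "Cookie Without Secure Flag", "riskcode": "1",
             "confidence": "2", "instances": [{"uri": "https://example.com/login"},
                                               {"uri": "https://example.com/"}]},
            {"alert": "Content Security Policy Header Not Set", "riskcode": "1",
             "confidence": "3", "instances": [{"uri": "https://example.com/"}]},
        ],
    }],
})


def summarise(report_text):
    """Return {risk name: number of alerts} across every site in the report."""
    report = json.loads(report_text)
    counts = Counter()
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            counts[RISK_NAMES.get(str(alert.get("riskcode")), "Unknown")] += 1
    return dict(counts)


def should_fail(report_text, max_risk="Medium"):
    """True if any alert is at or above max_risk; use this to gate the job."""
    threshold = RISK_ORDER.index(max_risk)
    return any(RISK_ORDER.index(name) >= threshold
               for name, n in summarise(report_text).items()
               if name in RISK_ORDER and n)


if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))
    print("fail pipeline:", should_fail(SAMPLE_REPORT))
```

In a real pipeline, replace `SAMPLE_REPORT` with the contents of the downloaded `gl-dast-report.json` artifact and exit non-zero when `should_fail` returns `True`.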