• Create a DAST CI/CD job

Enabling the analyzer

To run a DAST scan:

• Read the requirements conditions for running a DAST scan.
• Create a DAST job in your CI/CD pipeline.
• Authenticate as a user if your application requires it.

Create a DAST CI/CD job

• This template was updated to DAST_VERSION: 3 in GitLab 15.0.
• This template was updated to DAST_VERSION: 4 in GitLab 16.0.

To add DAST scanning to your application, use the DAST job defined in the GitLab DAST CI/CD template file. Updates to the template are provided with GitLab upgrades, allowing you to benefit from any improvements and additions.

To create the CI/CD job:

1. Include the appropriate CI/CD template:

   • DAST.gitlab-ci.yml: Stable version of the DAST CI/CD template.
   • DAST.latest.gitlab-ci.yml: Latest version of the DAST template.
   The latest version of the template may include breaking changes. Use the stable template unless you need a feature provided only in the latest template.

   For more information about template versioning, see the CI/CD documentation.

2. Add a dast stage to your GitLab CI/CD stages configuration.

3. Define the URL to be scanned by DAST by using one of these methods:

   • Set the DAST_WEBSITE CI/CD variable. If set, this value takes precedence.

   • Adding the URL in an environment_url.txt file at your project’s root is great for testing in dynamic environments. To run DAST against an application dynamically created during a GitLab CI/CD pipeline, write the application URL to an environment_url.txt file. DAST automatically reads the URL to find the scan target.

     You can see an example of this in our Auto DevOps CI YAML.

4. Set the DAST_BROWSER_SCAN CI/CD variable to "true".

For example:

stages:
  - build
  - test
  - deploy
  - dast

include:
  - template: DAST.gitlab-ci.yml

dast:
  variables:
    DAST_WEBSITE: "https://example.com"
    DAST_BROWSER_SCAN: "true"