Adherence check - Dynamic Application Security Testing (DAST)
Problem to solve
To adhere to regulatory standards and to provide evidence of compliance, I need to be able to generate a report for auditors detailing the last date/time each of my repositories was scanned by each security scanner. I would leverage this data to also action against projects that are out of compliance to bring them into compliance and ensure that scanners are properly enabled/enforced to run.
Proposal
Add an adherence check for the "GitLab Standard" that checks that Dynamic Application Security Testing (DAST) is enabled on the project.
DAST can be enabled and configured for the current project. For more details, see https://docs.gitlab.com/ee/user/application_security/dast/on-demand_scan.html
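As an added illustration of what such an adherence check has to decide (this is example code written for this page, not GitLab's implementation of the "GitLab Standard" check), the script below evaluates each project from its CI job history and emits the per-project rows an auditor report would need: whether a DAST job is configured, when it last succeeded, and whether that is recent enough. The input is a constructed JSON sample; the field names (`name`, `status`, `finished_at`) follow the shape of GitLab's Jobs API as an assumption, and the job name `dast` is assumed to be the one the DAST template defines.

```python
"""Adherence-check sketch: is DAST enabled and recently run on each project?"""
import json
from datetime import datetime, timedelta

# Assumption: the DAST CI template's job is named "dast".
DAST_JOB_NAME = "dast"

# Constructed sample input, not captured from a real GitLab instance.
# Field names (name, status, finished_at) mirror the Jobs API as an assumption.
SAMPLE_JOBS_JSON = """
{
  "group/web-app": [
    {"name": "build", "status": "success", "finished_at": "2024-05-01T10:00:00.000Z"},
    {"name": "dast",  "status": "success", "finished_at": "2024-05-01T10:20:00.000Z"}
  ],
  "group/api": [
    {"name": "test",  "status": "success", "finished_at": "2024-05-02T09:00:00.000Z"}
  ],
  "group/legacy": [
    {"name": "dast",  "status": "failed",  "finished_at": "2024-04-20T08:00:00.000Z"},
    {"name": "dast",  "status": "success", "finished_at": "2024-01-15T08:00:00.000Z"}
  ],
  "group/new-service": [
    {"name": "dast",  "status": "failed",  "finished_at": "2024-05-02T12:00:00.000Z"}
  ]
}
"""


def parse_gitlab_time(value):
    """Parse the ISO-8601 'Z' timestamps the API emits into aware UTC datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def last_successful_dast(jobs):
    """Most recent finished_at of a successful DAST job, or None if it never succeeded."""
    times = [
        parse_gitlab_time(j["finished_at"])
        for j in jobs
        if j.get("name") == DAST_JOB_NAME
        and j.get("status") == "success"
        and j.get("finished_at")
    ]
    return max(times) if times else None


def check_project(project, jobs, now, max_age):
    """Evaluate one project and return a row for the auditor report.

    A project is compliant only if a DAST job exists, has succeeded at least
    once, and the last success is not older than max_age. A configured job
    that only ever fails is reported as non-compliant, not as "enabled".
    """
    present = any(j.get("name") == DAST_JOB_NAME for j in jobs)
    last = last_successful_dast(jobs)
    if not present:
        reason = "DAST job not configured"
    elif last is None:
        reason = "DAST job configured but has never succeeded"
    elif now - last > max_age:
        reason = "last successful DAST scan older than %d days" % max_age.days
    else:
        reason = "ok"
    return {
        "project": project,
        "dast_job_present": present,
        "last_successful_scan": last.isoformat() if last else None,
        "compliant": reason == "ok",
        "reason": reason,
    }


def build_report(jobs_by_project, now, max_age=timedelta(days=30)):
    """Evaluate every project; rows are sorted by project path for stable output."""
    return [check_project(p, jobs, now, max_age) for p, jobs in sorted(jobs_by_project.items())]


def run_sample(now_iso="2024-05-03T00:00:00Z"):
    """Run the check over the constructed sample at a fixed 'now'; rows keyed by project."""
    report = build_report(json.loads(SAMPLE_JOBS_JSON), parse_gitlab_time(now_iso))
    return {row["project"]: row for row in report}


if __name__ == "__main__":
    for row in run_sample().values():
        print("%-20s compliant=%-5s last_scan=%s (%s)" % (
            row["project"], row["compliant"], row["last_successful_scan"], row["reason"]))
```

The 30-day window is a hypothetical policy value; an auditor-facing report would take it from the standard being enforced. Feeding this from a live instance means paging through each project's jobs and passing the current time instead of the fixed sample timestamp.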
Implementation plan
Edited by Nate Rosandich