Replace DAST job definition with a vendored template
Problem to solve
Job definition for ~dast is frozen, and can't be easily updated without creating breaking changes.
Further details
With https://gitlab.com/gitlab-org/gitlab-ce/issues/53445, we'll be able to ship a template embedded with each version of GitLab. The template can be updated from one version to another, without impacting our users.
Proposal
What does success look like, and how can we measure that?
The new official job definition is a single inclusion instruction:
include:
template: DAST.gitlab-ci.yml
(see the discussion and final syntax)
Links / references
Execution
-
Add the DAST.gitlab-ci.yml
with the contents from the example to the templates dir underSecurity
subdir -
Test in the development environment on a test project -
Update the ~Documentation -
docs page, see https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/9875 -
security products release process (add a section to check the vendored template are up-to-date)
-
Edited by Victor Zagorodny