Add a Breach and Attack Simulation CI template
What does this MR do and why?
Introduce a Security/BAS.latest.gitlab-ci.yml CI template to enable adoption of the BAS incubation project's extended DAST configuration and establish reference configuration for using the callback service container.
Close #410071 (closed).
How to set up and validate locally
- Create a new project in GitLab with the contents below.
- Verify that two jobs run, each running DAST against the example vulnerable web app.
- Both jobs report vulnerabilities for CWE-94 with a severity of CRITICAL.
- See the dast-callback-attacks demo for an example.
```yaml
include:
  - remote: https://gitlab.com/gitlab-org/gitlab/-/raw/410071-add-bas-ci-template/lib/gitlab/ci/templates/Security/BAS.latest.gitlab-ci.yml

stages:
  - dast

variables:
  DAST_BROWSER_INCLUDE_ONLY_RULES: "94.4.2,611.1"
  DAST_WEBSITE: "http://vulnapp"
  VULNAPP_IMAGE: registry.gitlab.com/gitlab-org/incubation-engineering/breach-and-attack-simulation/security-products/vulnerable-web-apps/node:latest

dast:
  extends: .dast_with_bas_using_services
  services:
    - name: "$SECURE_ANALYZERS_PREFIX/callback:$BAS_CALLBACK_IMAGE_TAG"
      alias: callback
    - name: $VULNAPP_IMAGE
      alias: vulnapp

dast_with_bas:
  extends:
    - dast
    - .dast_with_bas_using_services
  services:
    - name: "$SECURE_ANALYZERS_PREFIX/callback:$BAS_CALLBACK_IMAGE_TAG"
      alias: callback
    - name: $VULNAPP_IMAGE
      alias: vulnapp
```
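The validation steps above are checked by eye in the pipeline UI. As an added example (not part of this MR or the BAS project), the script below performs the same check programmatically against the `gl-dast-report.json` artifact each of the two jobs produces: it passes only if every expected job reports at least one CWE-94 finding at Critical severity. The sample reports are constructed inline; the field layout they use (`vulnerabilities[].severity`, `vulnerabilities[].identifiers[].type` / `.value`) is assumed to follow the GitLab secure report format and should be confirmed against a real artifact.

```python
"""Added example (not part of the MR): check the acceptance criterion from the
"How to set up and validate locally" steps against the gl-dast-report.json
artifact of each DAST job. Both jobs must report at least one CWE-94 finding
at Critical severity.

Assumption: the report fields used here (vulnerabilities[].severity and
vulnerabilities[].identifiers[].type / .value) follow the GitLab secure
report layout; verify against a real artifact before relying on this."""
import json
from typing import Dict, List

# Constructed sample artifacts, keyed by the job names used in the pipeline above.
SAMPLE_REPORTS: Dict[str, str] = {
    "dast": json.dumps({
        "vulnerabilities": [
            {
                "name": "Server-side code injection (constructed sample)",
                "severity": "Critical",
                "identifiers": [{"type": "cwe", "name": "CWE-94", "value": "94"}],
            }
        ]
    }),
    "dast_with_bas": json.dumps({
        "vulnerabilities": [
            {
                "name": "XML external entity (constructed sample)",
                "severity": "High",
                "identifiers": [{"type": "cwe", "name": "CWE-611", "value": "611"}],
            },
            {
                "name": "Code injection via callback (constructed sample)",
                "severity": "Critical",
                # Some tools emit the prefixed form; the check normalises both.
                "identifiers": [{"type": "CWE", "name": "CWE-94", "value": "CWE-94"}],
            },
        ]
    }),
}

# Constructed report that must fail the check: CWE-94 is present but only at Medium.
NEGATIVE_REPORT: str = json.dumps({
    "vulnerabilities": [
        {"severity": "Medium", "identifiers": [{"type": "cwe", "value": "94"}]}
    ]
})


def _cwe_ids(vuln: dict) -> List[str]:
    """Return the CWE numbers attached to one finding, without any 'CWE-' prefix."""
    ids = []
    for ident in vuln.get("identifiers", []):
        if str(ident.get("type", "")).lower() != "cwe":
            continue
        value = str(ident.get("value", "")).upper()
        ids.append(value[4:] if value.startswith("CWE-") else value)
    return ids


def findings_for_cwe(report_json: str, cwe: str) -> List[dict]:
    """All findings in a report that carry the given CWE number."""
    report = json.loads(report_json)
    return [v for v in report.get("vulnerabilities", []) if cwe in _cwe_ids(v)]


def job_meets_criterion(report_json: str, cwe: str = "94",
                        severity: str = "Critical") -> bool:
    """True if at least one finding for `cwe` is reported at `severity`."""
    return any(
        str(v.get("severity", "")).lower() == severity.lower()
        for v in findings_for_cwe(report_json, cwe)
    )


def check_jobs(reports: Dict[str, str],
               expected_jobs=("dast", "dast_with_bas")) -> Dict[str, bool]:
    """Map each expected job to pass/fail; a missing artifact counts as a failure."""
    return {
        job: job in reports and job_meets_criterion(reports[job])
        for job in expected_jobs
    }


if __name__ == "__main__":
    for job, ok in check_jobs(SAMPLE_REPORTS).items():
        print(f"{job}: {'PASS' if ok else 'FAIL'}")
```

In a real pipeline the two report strings would be read from the downloaded job artifacts instead of `SAMPLE_REPORTS`; a missing artifact is treated as a failure so that a job that did not run at all cannot silently pass the check.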
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #410071 (closed)
Edited by Erran Carey