Add an E2E spec for On Demand DAST
What does this MR do and why?
Adds a DAST On demand scan E2E spec, as per #440451 (closed), requested in #438571 (comment 1737816114), and to be used as a regression test when DAST moves from proxy-based to browser-based testing.
- Starts up a Webgoat instance, a deliberately insecure application used for security testing
- Starts an on-demand DAST scan targeting the instance
- Checks that the DAST job is created
- The results of the scan, including a known vulnerability, can then be viewed in the vulnerability report, and the scanned URL is found.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
NOTE: Ensure that any GDK runners are stopped, as they may not be on the test docker network!
qa % CHROME_HEADLESS=false bundle exec bin/qa Test::Instance::All http://gdk.test:3000/ ./qa/specs/features/ee/browser_ui/13_secure/on_demand_dast_spec.rb
Edited by Will Meek