Update DAST CI template to include new DAST API analyzer (!51824) · Merge requests · GitLab.org / GitLab

Michael Eddington requested to merge 284683-add-peach-api-to-dast-tmplt into master Jan 16, 2021

What does this MR do?

Adds new DAST API analyzer utilizing GitLab's API Security scanner. The new job is in beta behind the DAST_API_BETA variable.

Updated DAST.latest ci template
Added tests for latest DAST CI template
Added dast_api tests for DAST.latest ci templates

Relates to #284683 (closed)

CI Template

These changes are backwards compatible and only made to the latest version. The the new dast_api job is behind a variable DAST_API_BETA.
A spec file has been added for latest version with additional tests for dast_api job.
Test project for DAST.latest ci template:

Screenshots (strongly suggested)

NOTE: Latest CI template doesn't show up in list. This is also the case prior to changes.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

[-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
[-] Tested in all supported browsers
[-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

[-] Label as security and @ mention @gitlab-com/gl-security/appsec
[-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
[-] Security reports checked/validated by a reviewer from the AppSec team

Edited Mar 17, 2021 by Michael Eddington

Update DAST CI template to include new DAST API analyzer