Skip to content

Add option to specify target type for DAST Profiles

Dheeraj Joshi requested to merge djadmin-dast-site-type into master

Related issue - #294059 (closed)

What does this MR do?

Corresponding backend MR - !58723 (merged)

Screenshots (strongly suggested)

  • Profile form
Website Rest API
image image
  • Summary section

image

How to test this

  1. Enable the feature flag.
echo " Feature.enable(:security_dast_site_profiles_api_option)" | rails c

  1. Navigate to the DAST profile library page in your GDK: /:namespace/:project/-/security/configuration/dast_profiles#site-profiles

  2. Select create new site profile

Known issues

  • Updating a site profile might not work as excepted, as backend is in development.
  • When switching between Rest API and Website options, the auth fields would get populated with weird Js objects, will be fixed by #328376 (closed)

These issues should not block the MR, as the entire feature is in dev & behind dedicated feature flag.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Alex Kalderimis

Merge request reports