Update DAST scan CI configuration
What does this MR do and why?
- Change the value of the DAST_SUBMIT_FIELD variable to a more specific identifier, "name:button", so that the DAST scan can locate the submit button in the login page easily and successfully authenticate to review the app. This will resolve the authentication errors in recent DAST pipelines.
- Increase the job timeout from 2 hrs to 3 hrs so that timeout errors are not hit.
- After resolving the authentication error mentioned in point 1, some of the rules were hit by timeout errors, so rules that take more than 3 hrs to run are removed.
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
DAST scans run on scheduled nightly pipelines, so I have created a test MR with some additional changes to trigger DAST jobs from the MR. The DAST pipeline with the proposed configuration changes can be seen here: https://gitlab.com/gitlab-org/gitlab/-/pipelines/545987008. The jobs that will run under 3 hrs are only added to this MR.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Nikhil George