Ignore domain validation for api scans
What does this MR do?
Domain validation is used as a fail safe to ensure that domains that don't want to be scanned will not be scanned by DAST. This doesn't work for API scanning:
- The
DAST_WEBSITE
url will be a file, or a URL to a specification. This is not the same as the target API service. - Using default behaviour, the site that hosts the specification will be the one tested for domain validation.
- This MR explicitly turns the check off for API scans. An issue will be created to add the functionality for API scans.
What are the relevant issue numbers?
gitlab-org/gitlab#10928 (closed)
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated for GitLab EE, if necessary -
Documentation created/updated for this project, if necessary -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Job definition updated, if necessary -
Job definition example -
Vendored CI Templates (also in CE)
-
-
Conforms to the code review guidelines -
Conforms to the Go guidelines -
Security reports checked/validated by reviewer