Dynamic Application Security Testing (DAST) [ULTIMATE]
Running static checks on your code is the first step to detect vulnerabilities that can put the security of your code at risk. Yet, once deployed, your application is exposed to a new category of possible attacks, such as cross-site scripting or broken authentication flaws. This is where Dynamic Application Security Testing (DAST) comes into play.
If you are using GitLab CI/CD, you can analyze your running web application(s) for known vulnerabilities using Dynamic Application Security Testing (DAST).
Going a step further, GitLab can show the vulnerability list right in the merge request widget area.
It helps you automatically find security vulnerabilities in your running web applications while you are still developing and testing them.
How it works
First of all, you need to define a job in your .gitlab-ci.yml file that generates the DAST report artifact.
For more information on what the DAST job should look like, check the example on Dynamic Application Security Testing with GitLab CI/CD.
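A minimal version of such a job, added here as an illustration and not copied from the GitLab page it links to: it runs OWASP ZAP's baseline scan against a running site and exposes the JSON report as the artifact GitLab reads. The container image and the gl-dast-report.json file name are assumed to follow the conventions GitLab used for its DAST example; the target URL is a placeholder for a deployed test or review environment that the runner can reach.

```yaml
# Added example of a DAST job for .gitlab-ci.yml (not the page's own snippet).
# Assumptions: the ZAP image and the gl-dast-report.json file name follow the
# conventions GitLab documented for its DAST example; the target URL is a
# placeholder and must point at a deployed, reachable test or review
# environment, never at production.
dast:
  image: registry.gitlab.com/gitlab-org/security-products/zaproxy
  variables:
    # URL of the running application to scan (placeholder).
    website: "https://staging.example.com"
  # A finding should not block the pipeline by default; the merge request
  # widget still shows the report and reviewers decide what to do with it.
  allow_failure: true
  script:
    # ZAP writes its report files under /zap/wrk inside the container.
    - mkdir /zap/wrk/
    # The baseline scan spiders the target and runs passive checks only.
    # It exits non-zero when it raises alerts, so `|| true` keeps the job
    # alive long enough to collect the report.
    - /zap/zap-baseline.py -J gl-dast-report.json -t $website || true
    - cp /zap/wrk/gl-dast-report.json .
  artifacts:
    # The JSON report is what GitLab parses for the merge request widget.
    paths: [gl-dast-report.json]
```

Two caveats worth keeping in mind. The baseline scan is passive: it spiders the site and inspects responses but sends no attack payloads, so it reports things like missing security headers and reflected parameters rather than confirmed injection flaws; ZAP's active scan (zap-full-scan.py) does probe for those, and should only ever be pointed at an environment you own and can reset. The scan is also unauthenticated unless you configure ZAP otherwise, so pages behind a login are not exercised. If the same pipeline deploys the application, put this job in a stage that runs after the deploy so the target is up when the scan starts.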
GitLab then checks this report, compares the found vulnerabilities between the source and target branches, and shows the information right on the merge request.
By clicking on one of the detected vulnerabilities, you can see its details and the URL(s) affected.