<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Dast on Software Factory</title><link>/tags/dast/</link><description>Recent content in Dast on Software Factory</description><generator>Hugo</generator><language>en</language><atom:link href="/tags/dast/index.xml" rel="self" type="application/rss+xml"/><item><title>Secure</title><link>/use/tools/gitlab/secure/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/gitlab/secure/</guid><description>&lt;p&gt;&lt;img src="../img/gitlab-security-header.png" alt="GitLab secure"&gt;&lt;/p&gt;
&lt;p&gt;GitLab Ultimate embeds a suite of security scanners directly into your CI/CD pipelines.
They cover two complementary approaches: &lt;strong&gt;static analysis&lt;/strong&gt; (source code, dependencies, secrets)
and &lt;strong&gt;dynamic analysis&lt;/strong&gt; (running application).
All results are centralised in a single &lt;a href="/use/tools/gitlab/secure/vulnerability-report/"&gt;vulnerability report&lt;/a&gt;
 within GitLab.&lt;/p&gt;

 &lt;link rel="stylesheet" href="/css/vendors/admonitions.css"&gt;
 &lt;div class="admonition tip"&gt;
 &lt;div class="admonition-header"&gt;&lt;svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"&gt;&lt;path d="M272 384c9.6-31.9 29.5-59.1 49.2-86.2c0 0 0 0 0 0c5.2-7.1 10.4-14.2 15.4-21.4c19.8-28.5 31.4-63 31.4-100.3C368 78.8 289.2 0 192 0S16 78.8 16 176c0 37.3 11.6 71.9 31.4 100.3c5 7.2 10.2 14.3 15.4 21.4c0 0 0 0 0 0c19.8 27.1 39.7 54.4 49.2 86.2l160 0zM192 512c44.2 0 80-35.8 80-80l0-16-160 0 0 16c0 44.2 35.8 80 80 80zM112 176c0 8.8-7.2 16-16 16s-16-7.2-16-16c0-61.9 50.1-112 112-112c8.8 0 16 7.2 16 16s-7.2 16-16 16c-44.2 0-80 35.8-80 80z"/&gt;&lt;/svg&gt;
 &lt;span&gt;Tip&lt;/span&gt;
 &lt;/div&gt;
 &lt;div class="admonition-content"&gt;
 &lt;p&gt;Not familiar with the terminology?
See &lt;a href="/get-started/glossary/#security"&gt;SAST, DAST, SCA and other security terms&lt;/a&gt;
 in the glossary.&lt;/p&gt;</description></item><item><title>Dynamic Application Security Testing (DAST)</title><link>/use/tools/gitlab/secure/dast/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>/use/tools/gitlab/secure/dast/</guid><description>&lt;div style="display: flex; align-items: flex-start; gap: 1.5rem; margin-bottom: 1rem; max-width: 80%;"&gt;
 &lt;img src="/logo/gitlab.svg" alt="GitLab logo"
 width="100"
 style="flex-shrink: 0;"&gt;
 &lt;div&gt;GitLab Ultimate uses the same open source tool [OWASP Zed Attack Proxy] for analysis as ZAP.
It&amp;rsquo;s already embedded in your engineering environment and results are directly published in the
&lt;a href="/use/tools/gitlab/secure/vulnerability-report/"&gt;vulnerability report&lt;/a&gt;
 within GitLab.&lt;/div&gt;
&lt;/div&gt;


 &lt;link rel="stylesheet" href="/css/vendors/admonitions.css"&gt;
 &lt;div class="admonition warning"&gt;
 &lt;div class="admonition-header"&gt;&lt;svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"&gt;&lt;path d="M256 32c14.2 0 27.3 7.5 34.5 19.8l216 368c7.3 12.4 7.3 27.7 .2 40.1S486.3 480 472 480L40 480c-14.3 0-27.6-7.7-34.7-20.1s-7-27.8 .2-40.1l216-368C228.7 39.5 241.8 32 256 32zm0 128c-13.3 0-24 10.7-24 24l0 112c0 13.3 10.7 24 24 24s24-10.7 24-24l0-112c0-13.3-10.7-24-24-24zm32 224a32 32 0 1 0 -64 0 32 32 0 1 0 64 0z"/&gt;&lt;/svg&gt;
 &lt;span&gt;Always use a staging environment with fake data, not on a production environment.&lt;/span&gt;
 &lt;/div&gt;
 &lt;/div&gt;&lt;h2 id="how-does-dast-scanning-work"&gt;How does DAST Scanning Work?&lt;a class="td-heading-self-link" href="#how-does-dast-scanning-work" aria-label="Heading self-link"&gt;&lt;/a&gt;&lt;/h2&gt;
&lt;p&gt;The two main modes available for DAST are:&lt;/p&gt;</description></item></channel></rss>