The site that you are currently viewing is a static version of the Software Factory documentation delivered with the

version v7.2.
For up-to-date documentation, see the latest version.

How to Enable GitLab DAST

Enable GitLab DAST on your project to scan a running web application for vulnerabilities.
For more information, see DAST practice

.

Configure your pipeline

Important

DAST requires a running web application accessible from the GitLab Runner, not just your local machine.

Add the following to your .gitlab-ci.yml, adapting the URL to target a running instance, and push to your repository:

stages:
  - dast

include:
  - template: Security/DAST.gitlab-ci.yml

dast:
  variables:
    DAST_TARGET_URL: "https://your-target-url.com"
Note

By default, the DAST template only runs on the default branch. To enable it on other branches, add custom rules to your pipeline configuration.

Tip

To avoid cloning the repository locally, GitLab can generate this change for you. Requires Maintainer role. Go to Secure > Security configuration , find the Dynamic Application Security Testing (DAST) row, select Enable DAST , then Create merge request .

dast-enable