Dynamic Application Security Testing (DAST)
Test a running application for vulnerabilities with GitLab DAST
version v7.2.
For up-to-date documentation, see the
latest version.
less than a minute

GitLab Ultimate embeds a suite of security scanners directly into your CI/CD pipelines. They cover two complementary approaches: static analysis (source code, dependencies, secrets) and dynamic analysis (running application). All results are centralised in a single vulnerability report within GitLab.
Not familiar with the terminology? See SAST, DAST, SCA and other security terms in the glossary.
Test a running application for vulnerabilities with GitLab DAST
Identify source code vulnerabilities with GitLab SAST analyzers
Analyze dependencies and container images for known vulnerabilities
Scan your codebase for leaked secrets, API keys, and passwords
Enforce security requirements on merge requests, scans, and pipelines
View, triage, and remediate vulnerabilities across your projects