The site that you are currently viewing is a static version of the Software Factory
documentation delivered with the
version v7.2.
For up-to-date documentation, see the
latest version.
Dynamic Application Security Testing (DAST)
Test a running application for vulnerabilities with GitLab DAST
less than a minute
GitLab Ultimate uses the same open source tool [OWASP Zed Attack Proxy] for analysis as ZAP.
It’s already embedded in your engineering environment and results are directly published in the
vulnerability report
within GitLab.
Always use a staging environment with fake data, not on a production environment.
How does DAST Scanning Work?
The two main modes available for DAST are:
- passive: inspects an application for vulnerabilities by simulating typical user interactions. It focuses on evaluating the application’s security in the context of standard user activities.
- active scans: Active scans will check for vulnerabilities by injecting attack payloads into HTTP requests.
Tip
You can easily activate DAST by adding this configuration
in your .gitlab-ci.yml file.