This project is mirrored from https://gitlab.com/gitlab-org/security-products/dast.git.
Pull mirroring updated .
Fixed issues with Full Scans not running
DAST depends on stable ZAP releases
Add help CLI option to show options and environment variables supported; expose ZAP logs while executing scan.
Implement domain validation option for full scans (!35)
Report which URLs were scanned (!24)
Fix max. curl timeout to be longer than 150 seconds (!26)
Fix auto login functionality. Auto login is used if the HTML elements for username, password, or submit button have not been specified.
Fix a bug where `analyze` would fail if only `DAST_WEBSITE` was used. https://gitlab.com/gitlab-org/gitlab-ee/issues/11744
Accept $DAST_WEBSITE env var instead of `-t` parameter (still supported for backward compatibility)
Add [ZAP Full Scan](https://github.com/zaproxy/zaproxy/wiki/ZAP-Full-Scan) support (!14)
Add workaround for supporting long CLI auth options
Fix a problem with multiple login buttons on the login page.
First release of the DAST GitLab image