From ac68e7e7ea95b876714b2c7b30fc932fb5fcd81f Mon Sep 17 00:00:00 2001
From: Avielle Wolfe <awolfe@gitlab.com>
Date: Wed, 21 Oct 2020 20:59:31 +0000
Subject: [PATCH] Add docs for `DAST_SPIDER_START_AT_HOST`

When `false`, DAST uses the original target. When `true`, DAST will
reset a non-host target `http://test.site/some_path` to its host
`http://test.site`.

https://gitlab.com/gitlab-org/gitlab/-/issues/258805
---
 doc/user/application_security/dast/index.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/doc/user/application_security/dast/index.md b/doc/user/application_security/dast/index.md
index 1e83d7b8bf06e..4d02804d1dbce 100644
--- a/doc/user/application_security/dast/index.md
+++ b/doc/user/application_security/dast/index.md
@@ -476,6 +476,7 @@ DAST can be [configured](#customizing-the-dast-settings) using environment varia
 | `SECURE_ANALYZERS_PREFIX`   | URL | Set the Docker registry base address from which to download the analyzer. |
 | `DAST_WEBSITE`  | URL | The URL of the website to scan. `DAST_API_SPECIFICATION` must be specified if this is omitted. |
 | `DAST_API_SPECIFICATION`  | URL or string | The API specification to import. The specification can be hosted at a URL, or the name of a file present in the `/zap/wrk` directory. `DAST_WEBSITE` must be specified if this is omitted. |
+| `DAST_SPIDER_START_AT_HOST`  | boolean | Set to `false` to prevent DAST from resetting the target to its host before scanning. When `true`, non-host targets `http://test.site/some_path` will be reset to `http://test.site` before scan. Default: `true`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/258805) in GitLab 13.6. |
 | `DAST_AUTH_URL` | URL | The URL of the page containing the sign-in HTML form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Not supported for API scans. |
 | `DAST_USERNAME` | string | The username to authenticate to in the website. |
 | `DAST_PASSWORD` | string | The password to authenticate to in the website. |
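Review bot: the added `DAST_SPIDER_START_AT_HOST` row opens with the non-default `false` case and only mentions `Default: true` at the end, so a reader who sets `DAST_WEBSITE` to a URL with a path can miss that the target is reset to its host unless they opt out. Suggest leading with the default behavior and then describing what `false` changes. The phrase "non-host targets `http://test.site/some_path` will be reset to `http://test.site` before scan" also reads as if that URL were the only such target; word it as an example ("a non-host target such as ..."), use the present tense ("is reset"), and write "before the scan". Since the neighboring rows distinguish `DAST_WEBSITE` from `DAST_API_SPECIFICATION`, the row should also say which kind of target the reset applies to.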
-- 
GitLab