INFO:

If you deploy your web application into a new environment, your application may become exposed to new types of attacks. For example, misconfigurations of your application server or incorrect assumptions about security controls may not be visible from the source code. Dynamic Application Security Testing (DAST) examines applications for vulnerabilities like these in deployed environments. GitLab provides the following DAST analyzers, one or more of which may be useful depending on the kind of application you’re testing. For scanning websites, use one of: The DAST proxy-based analyzer for scanning traditional applications serving simple HTML. The proxy-based analyzer can be run automatically or on-demand. The DAST browser-based analyzer for scanning applications that make heavy use of JavaScript. This includes single page web applications. For scanning APIs, use: The DAST API analyzer for scanning web APIs. Web API technologies such as GraphQL, REST, and SOAP are supported. Analyzers follow the architectural patterns described in Secure your application. Each analyzer can be configured in the pipeline using a CI template and runs the scan in a Docker container. Scans output a DAST report artifact which GitLab uses to determine discovered vulnerabilities based on differences between scan results on the source and target branches. Read more in our docs: https://docs.gitlab.com/ee/user/application_security/dast/