►
From YouTube: Gitlab 13.7 kickoff - Secure:Dynamic Analysis
Description
Planning issue - https://gitlab.com/gitlab-org/gitlab/-/issues/283979
Direction page - https://about.gitlab.com/direction/secure/dynamic-analysis/dast/
A
Hi,
this
is
derek
ferguson
senior
product
manager
for
the
dynamic
analysis
group
here
at
git
lab,
and
today
I'm
going
to
be
going
over
what
we
will
be
working
on
in
the
13
7
release
of
git
lab.
The
first
thing
that
we
have
going
on
in
our
highest
priority
is
working
on
the
browser
scanner
for
dast.
The
first
step
of
this
new
scanner
is
going
to
be
implementing
it
as
a
new
option
for
spidering,
based
on
what
we
expect.
A
The
second
thing
that
we'll
be
adding
is
site
validation
for
the
on-demand
scans.
This
will
help
users
be
able
to
lock
down
their
sites
to
disallow
scanning
without
the
site
being
validated.
So
in
order
to
conduct
an
active
scan
on
a
website,
you'll
have
to
validate
that
site.
First,
so
we've
moved
the
validation
out
from
the
site
profile
into
the
profile
library
that
way,
you'll
be
able
to
validate
multiple
sites
that
have
the
same
host
url
at
the
same
time.
A
A
A
We
will
show
you
on
the
url
that
there
are
multiple
urls
that
that
this
is
found
at,
and
you
can
click
on
that
and
download
these
urls
in
a
csv
so
that
you
can
go
through
and
arrange
these
and
figure
out
exactly
what's
going
on
and
whether
these
will
be
fixed
by
a
single
change
or
whether
multiple
changes
will
be
needed.
A
We
will
be
looking
at
our
integration
of
peach
api
into
dast,
as
we
as
peach
was
a
recent
acquisition.
We
are
working
towards
that
integration
and
figuring
out
exactly
what
we
need
to
do
in
order
to
have
peach
as
an
option
for
a
scanner
for
api
das
scans
and
finally,
for
the
on-demand
scans.
We
currently
have
a
landing
page
that
really
does
not
provide
that
much
usefulness
to
users,
so
we'll
be
removing
that
landing
page
and
allowing
users
to
go
directly
to
the
on-demand
configuration
area
for
das
scans,
and
that
is
the
main.