From YouTube: A demo of running DAST in air-gapped environment
Description
This demo walks through how to configure DAST to run in an air-gapped, or offline, networked environment. For more information, read
https://docs.gitlab.com/ee/user/application_security/dast/#running-dast-in-an-offline-air-gapped-installation
A
Okay, so in order to get DAST to work in offline mode, you need to do two steps. The first is gonna be to download the image onto your local network, and then the second is you're going to need to update your CI template to do two things: one, reference your local image, and then second, reflect the new settings that you're going to need based on the local image.
A
You can read about how to do this in our documentation, so this is the application security DAST documentation, and we have a section here called running DAST in offline air-gap mode. In order to get the Docker image to your local network, your exact steps might vary depending on how your offline or air-gapped network is set up, but generally what you can do is you can do a docker pull from this particular location. You can use version 1 or, if you wanted to, you could use the latest, either.
A
One, you're gonna want to do the docker pull. You'll tag that Docker image with the location of your new repository here, and then you'll do a docker push to push up that DAST image to your local repository. Once it's there, if you want, you can, you know, use a curl request just to take a look at the catalog, so we'll do that here.
A
So curl that, and you can see that I've got two repositories, or two images, up here. One is DAST and one is WebGoat. If you want to dig a little bit more into what I have, you can take a look here and you'll see that there's the DAST image with the tagged 1, so I know both those images are there. The next step is to go ahead and set up my GitLab YAML file. So let me show you how I've done that.
A
So I've created two branches here: I've created an online scan and an offline scan, just so we can take a look at the difference. So if we look at the online scan, we just have an include with the template. This is how you would set this up if you were using just a plain old network-connected scan. We set up our variables, which is our website.
A
Another environment variable to do a full scan, and then, in this case, I'm just using a service, which is WebGoat. I set it as an alias, and that's what allows me to scan this website. But, as you can see, these are referring, right here, in particular this is referring, to a Docker image that is on the internet.
A
I'll go to my offline scan here and we'll take a look at how that's changed. So again, we've got the exact same include as previous. We're gonna scan the website. This is a local website, as you can see, web server, but where that's coming from is gonna be a local Docker repository, or Docker registry. And then the next thing that we did, and this is what's key, is you're gonna have to override two values, or two parameters, within. One is going to be the image and one is gonna be the script.
A
So the image is just going to be the location of your new DAST file, and then the script is essentially the same as in this template, except we're going to add this part to it. So, let's take a look at this side by side. You can see here we're just doing an export of the website, then analyze -t and the website, and then auto-updates. So if we look at the original, it looks almost identical. We've got the export.
A
The website, analyze -t website, but on the offline version we're saying don't add any updates and run in silent mode, and silent mode in this case tells the underlying engine, which is our ZAP engine, to not try to make any network connections. So that's our offline scan, and then this is our online scan. Now, prior to recording this, I actually ran this job and I'll show you the results. So here we've got an online scan, and I ran the online scan with connection to the internet. So we'll take a look at the results here.
A
If we scroll all the way up, you can see it got the registry from GitLab, both for DAST and for WebGoat. I was then able to disconnect and make sure that I was offline, and you can see that's where my job failed. If we take a look at the result there, you can see when it went to get registry.gitlab, and then when it went for the DAST and WebGoat, it failed on both those and the job failed.
A
Coming back, however, we have two jobs that we ran for offline scan. We'll run this, and this had access to the Internet, and so it was able to get this. Although it didn't need access to the Internet, it was able to get that when it had access, and then when I shut off internet access, you can see it continued to pass. So again, because the location is a local network drive, it didn't need access to the Internet.