GitLab has recently introduced a browser-based Dynamic Application Security Testing (DAST) feature in version 16.4 (or DAST 4.0.9). This development is part of GitLab's ongoing effort to enhance browser-based DAST, which previously integrated passive checks. This release adds active check capabilities.
Customers conducting active scans (full scans) will now automatically use GitLab active checks as the DAST team releases them. Each corresponding ZAP alert will be deactivated at that time. However, customers can opt out and revert to ZAP alerts by setting the CI/CD variable DAST_FF_BROWSER_BASED_ACTIVE_ATTACK to false.
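As an added illustration (not from the original post or GitLab's documentation), the following `.gitlab-ci.yml` fragment shows where the opt-out variable sits alongside a full-scan DAST job; the `DAST.gitlab-ci.yml` template, `DAST_WEBSITE`, `DAST_FULL_SCAN_ENABLED` and the example URL are assumptions about the standard DAST job setup, and only `DAST_FF_BROWSER_BASED_ACTIVE_ATTACK` comes from the text above.

```yaml
# Assumed standard GitLab DAST job: include the DAST template and run a full (active) scan.
include:
  - template: DAST.gitlab-ci.yml

dast:
  variables:
    DAST_WEBSITE: "https://staging.example.internal"   # constructed placeholder target
    DAST_FULL_SCAN_ENABLED: "true"                      # assumed variable: active/full scan
    # Default behaviour: GitLab active checks run and the matching ZAP alerts are disabled.
    # To opt out and keep the ZAP alerts instead, set the feature flag to false:
    DAST_FF_BROWSER_BASED_ACTIVE_ATTACK: "false"
```

Remove the last variable (or set it to `true`) to return to the default, where GitLab's active checks replace the corresponding ZAP alerts as they are released.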