"Validation status" remains at Validating...
while validating a site profile for on-demand DAST scan
Issue
While validating a site profile for on-demand DAST scan, users are seeing:
- The "Validation status" on Site Profile remains at
Validating...
. - The error
/tmp/validate.sh: No such file or directory
in thevalidation
job log.
Environment
-
Users that redefine the environment's
HOME
directory for the runner that is performing the scan will encounter this issue. -
Impacted offerings:
- GitLab.com
- GitLab Dedicated
- GitLab Self-Managed
-
Impacted versions:
- 15.6 to current
Cause
The dast-runner-validation
Dockerfile expects that the validate.sh
script exists in /home/dast/
, which is specified in that Dockerfile as the DAST user's home directory. When the runner injects a $HOME
variable into the job container, this overrides the logged in user's home directory, while there is no validate.sh
script in the directory to execute.
Resolution OR Workaround
- Unset the
HOME
environment variable on the runner. - Use another runner without the
HOME
environment variable to run solely the validation job by temporarily disabling the affecting runner, and re-enabling after the job.
Related links
-
Feature request to address validation job issue with redefined runner
HOME
environment variable. - Feature request to allow DAST validation and on-demand scan jobs to be run on runners with specific tags.