diff --git a/app/controllers/concerns/creates_commit.rb b/app/controllers/concerns/creates_commit.rb
index 5009bf7ff0c..5389cba9577 100644
--- a/app/controllers/concerns/creates_commit.rb
+++ b/app/controllers/concerns/creates_commit.rb
@@ -138,7 +138,8 @@ module CreatesCommit
 # Even if the field is set, if we're checking the same branch
 # as the target branch in the same project,
 # we don't want to create a merge request.
- params[:create_merge_request].present? &&
+ # FIXME: We should use either 1 or true, not both.
+ ActiveModel::Type::Boolean.new.cast(params[:create_merge_request]) &&
 (@different_project || @start_branch != @branch_name) # rubocop:disable Gitlab/ModuleWithInstanceVariables
 end
diff --git a/app/models/ci/bridge.rb b/app/models/ci/bridge.rb
index 8db80cd05dc..d62bdfa4c87 100644
--- a/app/models/ci/bridge.rb
+++ b/app/models/ci/bridge.rb
@@ -32,10 +32,8 @@ module Ci
 state_machine :status do
 after_transition [:created, :manual, :waiting_for_resource] => :pending do |bridge|
- next unless bridge.triggers_downstream_pipeline?
-
 bridge.run_after_commit do
- ::Ci::CreateDownstreamPipelineWorker.perform_async(bridge.id)
+ Ci::TriggerDownstreamPipelineService.new(bridge).execute # rubocop: disable CodeReuse/ServiceClass
 end
 end
diff --git a/app/models/concerns/enums/ci/commit_status.rb b/app/models/concerns/enums/ci/commit_status.rb
index 9de2da5aac3..b6eabd46de3 100644
--- a/app/models/concerns/enums/ci/commit_status.rb
+++ b/app/models/concerns/enums/ci/commit_status.rb
@@ -41,7 +41,8 @@ module Enums
 secrets_provider_not_found: 1_008,
 reached_max_descendant_pipelines_depth: 1_009,
 ip_restriction_failure: 1_010,
- reached_max_pipeline_hierarchy_size: 1_011
+ reached_max_pipeline_hierarchy_size: 1_011,
+ reached_downstream_pipeline_trigger_rate_limit: 1_012
 }
 end
 end
diff --git a/app/presenters/commit_status_presenter.rb b/app/presenters/commit_status_presenter.rb
index 38469be572a..28656b0ccc4 100644
--- a/app/presenters/commit_status_presenter.rb
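Review bot: The FIXME on the added line does not say which callers send `1` and which send `true`, nor that `ActiveModel::Type::Boolean#cast` maps `"0"`, `"false"` and `"off"` to false where the old `present?` check treated them as true, so a reader cannot tell what the eventual fix should look like. Suggest `# FIXME: callers send both 1 and true; Boolean#cast accepts both (and, unlike present?, maps "0"/"false"/"off" to false). Settle on one value, then tighten this check.` Note that when the parameter is absent the expression now yields `nil` instead of `false`; fine in boolean context, but worth knowing if the result is ever serialised. The enclosing method starts before this hunk.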
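Review bot: The `ServiceResponse` returned by `Ci::TriggerDownstreamPipelineService.new(bridge).execute` is discarded inside `run_after_commit`, so neither the throttled outcome nor the "does not trigger" outcome leaves any trace at this call site; that is only acceptable because the service drops the bridge and writes a log entry itself, which a reader of this callback cannot see. Suggest a comment on the added line: `# Result intentionally ignored: the service drops the bridge and logs when the trigger is throttled.` Also, with `next unless bridge.triggers_downstream_pipeline?` moved into the service, the after-commit block is now registered for every bridge entering :pending, including those that never trigger a downstream pipeline; presumably cheap, but worth confirming.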
+++ b/app/presenters/commit_status_presenter.rb
@@ -37,7 +37,8 @@ class CommitStatusPresenter < Gitlab::View::Presenter::Delegated
 environment_creation_failure: 'This job could not be executed because it would create an environment with an invalid parameter.',
 deployment_rejected: 'This deployment job was rejected.',
 ip_restriction_failure: "This job could not be executed because group IP address restrictions are enabled, and the runner's IP address is not in the allowed range.",
- failed_outdated_deployment_job: 'The deployment job is older than the latest deployment, and therefore failed.'
+ failed_outdated_deployment_job: 'The deployment job is older than the latest deployment, and therefore failed.',
+ reached_downstream_pipeline_trigger_rate_limit: 'Too many downstream pipelines triggered in the last minute. Try again later.'
 }.freeze
 TROUBLESHOOTING_DOC = {
diff --git a/app/services/ci/trigger_downstream_pipeline_service.rb b/app/services/ci/trigger_downstream_pipeline_service.rb
new file mode 100644
index 00000000000..87f1c075f0e
--- /dev/null
+++ b/app/services/ci/trigger_downstream_pipeline_service.rb
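Review bot: The added message hard-codes "in the last minute", but the window for the `:downstream_pipeline_trigger` limit is configured elsewhere (not in this diff), so the two can drift silently if the interval is later tuned. Suggest a comment next to the entry, `# Keep the interval in sync with the :downstream_pipeline_trigger rate limit definition`, or wording that does not state the window, e.g. `'Too many downstream pipelines were triggered recently. Try again later.'`.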
@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Ci
+ # Enqueues the downstream pipeline worker.
+ class TriggerDownstreamPipelineService
+ # This is a temporary constant. It may be converted into an application setting
+ # in the future. See https://gitlab.com/gitlab-org/gitlab/-/issues/425941.
+ DOWNSTREAM_PIPELINE_TRIGGER_LIMIT_PER_PROJECT_USER_SHA = 50
+
+ def initialize(bridge)
+ @bridge = bridge
+ @current_user = bridge.user
+ @project = bridge.project
+ @pipeline = bridge.pipeline
+ end
+
+ def execute
+ unless bridge.triggers_downstream_pipeline?
+ return ServiceResponse.success(message: 'Does not trigger a downstream pipeline')
+ end
+
+ if rate_limit_throttled? && enforce_rate_limit?
+ bridge.drop!(:reached_downstream_pipeline_trigger_rate_limit)
+
+ return ServiceResponse.error(message: 'Reached downstream pipeline trigger rate limit')
+ end
+
+ CreateDownstreamPipelineWorker.perform_async(bridge.id)
+
+ ServiceResponse.success(message: 'Downstream pipeline enqueued')
+ end
+
+ private
+
+ attr_reader :bridge, :current_user, :project, :pipeline
+
+ def rate_limit_throttled?
+ scope = [project, current_user, pipeline.sha]
+
+ ::Gitlab::ApplicationRateLimiter.throttled?(:downstream_pipeline_trigger, scope: scope).tap do |throttled|
+ create_throttled_log_entry if throttled
+ end
+ end
+
+ def create_throttled_log_entry
+ ::Gitlab::AppJsonLogger.info(
+ class: self.class.name,
+ project_id: project.id,
+ current_user_id: current_user.id,
+ pipeline_sha: pipeline.sha,
+ subscription_plan: project.actual_plan_name,
+ downstream_type: bridge.triggers_child_pipeline? ? 'child' : 'multi-project',
+ message: 'Activated downstream pipeline trigger rate limit'
+ )
+ end
+
+ def enforce_rate_limit?
+ ::Feature.enabled?(:ci_rate_limit_downstream_pipelines, project, type: :gitlab_com_derisk)
+ end
+ end
+end
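Review bot: In `execute`, `rate_limit_throttled?` is evaluated before `enforce_rate_limit?`, so the limiter is consulted and a log entry titled 'Activated downstream pipeline trigger rate limit' is written even when the feature flag is off and the bridge proceeds normally; the log therefore cannot distinguish a dry-run hit from an enforced drop. Suggest recording the enforcement state in the payload, e.g. `enforced: enforce_rate_limit?,` alongside `message:` in `create_throttled_log_entry`, so operators can size the limit before enabling the flag. `DOWNSTREAM_PIPELINE_TRIGGER_LIMIT_PER_PROJECT_USER_SHA` is not referenced anywhere in this file; if the `:downstream_pipeline_trigger` threshold is registered from it elsewhere, a comment saying where would help, otherwise it is dead. If a bridge can exist without a user, `current_user.id` in the log entry and the `nil` in `scope` should be handled (`current_user&.id`); I cannot confirm that from this diff.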
diff --git a/config/feature_flags/gitlab_com_derisk/ci_rate_limit_downstream_pipelines.yml b/config/feature_flags/gitlab_com_derisk/ci_rate_limit_downstream_pipelines.yml
new file mode 100644
index 00000000000..8f4fa323f7b
--- /dev/null
+++ b/config/feature_flags/gitlab_com_derisk/ci_rate_limit_downstream_pipelines.yml
@@ -0,0 +1,9 @@
+---
+name: ci_rate_limit_downstream_pipelines
+feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/425941
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142869
+rollout_issue_url: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17471
+milestone: '16.9'
+group: group::pipeline authoring
+type: gitlab_com_derisk
+default_enabled: false
diff --git a/db/docs/scan_result_policy_violations.yml b/db/docs/scan_result_policy_violations.yml
index bb56c02fb33..b481a15a0fb 100644
--- a/db/docs/scan_result_policy_violations.yml
+++ b/db/docs/scan_result_policy_violations.yml
@@ -7,4 +7,12 @@ feature_categories:
 description: Stores scan result policy violations.
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/132254
 milestone: '16.5'
-gitlab_schema: gitlab_main
+gitlab_schema: gitlab_main_cell
+allow_cross_joins:
+- gitlab_main_clusterwide
+allow_cross_transactions:
+- gitlab_main_clusterwide
+allow_cross_foreign_keys:
+- gitlab_main_clusterwide
+sharding_key:
+ project_id: projects
diff --git a/db/docs/security_orchestration_policy_configurations.yml b/db/docs/security_orchestration_policy_configurations.yml
index 388df529835..de55e9b57bc 100644
--- a/db/docs/security_orchestration_policy_configurations.yml
+++ b/db/docs/security_orchestration_policy_configurations.yml
@@ -4,9 +4,11 @@ classes:
 - Security::OrchestrationPolicyConfiguration
 feature_categories:
 - security_policy_management
-description: |
- Relates a Project/Namespace and Security Orchestration Policy Project, where Security
- Policies are stored in the repository as a YAML file.
+description: Relates a Project/Namespace and Security Orchestration Policy Project,
+ where Security Policies are stored in the repository as a YAML file.
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53743
 milestone: '13.9'
 gitlab_schema: gitlab_main_cell
+sharding_key:
+ project_id: projects
+ namespace_id: namespaces
diff --git a/db/docs/software_license_policies.yml b/db/docs/software_license_policies.yml
index b533ecfee01..198e4dc3d1c 100644
--- a/db/docs/software_license_policies.yml
+++ b/db/docs/software_license_policies.yml
@@ -4,7 +4,16 @@ classes:
 - SoftwareLicensePolicy
 feature_categories:
 - security_policy_management
-description: Allows user to approve or deny the use certain software licenses in their project.
+description: Allows user to approve or deny the use certain software licenses in their
+ project.
 introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/6246
 milestone: '11.2'
-gitlab_schema: gitlab_main
+gitlab_schema: gitlab_main_cell
+allow_cross_joins:
+- gitlab_main_clusterwide
+allow_cross_transactions:
+- gitlab_main_clusterwide
+allow_cross_foreign_keys:
+- gitlab_main_clusterwide
+sharding_key:
+ project_id: projects
diff --git a/db/post_migrate/20240123120413_index_sbom_occurrences_on_project_id_component_version_id_and_input_file_path.rb b/db/post_migrate/20240123120413_index_sbom_occurrences_on_project_id_component_version_id_and_input_file_path.rb
new file mode 100644
index 00000000000..cf413e78eca
--- /dev/null
+++ b/db/post_migrate/20240123120413_index_sbom_occurrences_on_project_id_component_version_id_and_input_file_path.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class IndexSbomOccurrencesOnProjectIdComponentVersionIdAndInputFilePath < Gitlab::Database::Migration[2.2]
+ INDEX_NAME = 'idx_sbom_occurr_on_project_component_version_input_file_path'
+ DROPPED_INDEX_NAME = 'index_sbom_occurrences_for_input_file_path_search'
+ disable_ddl_transaction!
+ milestone '16.9'
+
+ def up
+ remove_concurrent_index_by_name :sbom_occurrences, DROPPED_INDEX_NAME
+ add_concurrent_index :sbom_occurrences, %i[project_id component_version_id input_file_path], name: INDEX_NAME
+ end
+
+ def down
+ remove_concurrent_index_by_name :sbom_occurrences, INDEX_NAME
+ add_concurrent_index :sbom_occurrences, %i[project_id component_id input_file_path], name: DROPPED_INDEX_NAME
+ end
+end
diff --git a/db/schema_migrations/20240123120413 b/db/schema_migrations/20240123120413
new file mode 100644
index 00000000000..1323454ef12
--- /dev/null
+++ b/db/schema_migrations/20240123120413
@@ -0,0 +1 @@
+9b55d0889ab76a1bf64696bc1d356a99366912e1f5c3c689fd8a52d2134f7644
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index fab191e92e5..2a08c3dc4e5 100644
--- a/db/structure.sql
+++ b/db/structure.sql
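Review bot: In `up`, `DROPPED_INDEX_NAME` is removed before `INDEX_NAME` is built, and because `disable_ddl_transaction!` means the two concurrent operations do not share a transaction, `sbom_occurrences` lookups keyed on `project_id` and `input_file_path` run with neither index for as long as the concurrent build takes on that table. Swapping the two lines, `add_concurrent_index :sbom_occurrences, %i[project_id component_version_id input_file_path], name: INDEX_NAME` followed by `remove_concurrent_index_by_name :sbom_occurrences, DROPPED_INDEX_NAME`, keeps an index available throughout; the same add-then-remove order applies to `down`. Note that `down` deliberately rebuilds the old index on `component_id` rather than `component_version_id`, which matches the definition this commit removes from `db/structure.sql`.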
@@ -32463,6 +32463,8 @@ CREATE INDEX idx_repository_states_on_wiki_failure_partial ON project_repository CREATE INDEX idx_repository_states_outdated_checksums ON project_repository_states USING btree (project_id) WHERE (((repository_verification_checksum IS NULL) AND (last_repository_verification_failure IS NULL)) OR ((wiki_verification_checksum IS NULL) AND (last_wiki_verification_failure IS NULL))); +CREATE INDEX idx_sbom_occurr_on_project_component_version_input_file_path ON sbom_occurrences USING btree (project_id, component_version_id, input_file_path); + CREATE INDEX idx_sbom_occurrences_on_project_id_and_source_id ON sbom_occurrences USING btree (project_id, source_id); CREATE UNIQUE INDEX idx_sbom_source_packages_on_name_and_purl_type ON sbom_source_packages USING btree (name, purl_type); @@ -35325,8 +35327,6 @@ CREATE UNIQUE INDEX index_sbom_components_on_component_type_name_and_purl_type O CREATE INDEX index_sbom_occurr_on_project_id_and_component_version_id_and_id ON sbom_occurrences USING btree (project_id, component_version_id, id); -CREATE INDEX index_sbom_occurrences_for_input_file_path_search ON sbom_occurrences USING btree (project_id, component_id, input_file_path); - CREATE INDEX index_sbom_occurrences_on_component_id_and_id ON sbom_occurrences USING btree (component_id, id); CREATE INDEX index_sbom_occurrences_on_component_version_id ON sbom_occurrences USING btree (component_version_id); diff --git a/doc/api/graphql/reference/index.md b/doc/api/graphql/reference/index.md index e961f86bc6c..648510238e0 100644 --- a/doc/api/graphql/reference/index.md +++ b/doc/api/graphql/reference/index.md 
@@ -17324,6 +17324,7 @@ Represents a product analytics dashboard visualization. | Name | Type | Description | | ---- | ---- | ----------- | | `availableFor` | [`[String!]!`](#string) | Objects the permission is available for. | +| `availableFromAccessLevel` | [`AccessLevel`](#accesslevel) | Access level from which the permission is available. | | `description` | [`String`](#string) | Description of the permission. | | `name` | [`String!`](#string) | Localized name of the permission. | | `requirements` | [`[MemberRolePermission!]`](#memberrolepermission) | Requirements of the permission. | @@ -29835,6 +29836,7 @@ Values for sorting inherited variables. | `PIPELINE_LOOP_DETECTED` | A job that failed due to pipeline loop detected. | | `PROJECT_DELETED` | A job that failed due to project deleted. | | `PROTECTED_ENVIRONMENT_FAILURE` | A job that failed due to protected environment failure. | +| `REACHED_DOWNSTREAM_PIPELINE_TRIGGER_RATE_LIMIT` | A job that failed due to reached downstream pipeline trigger rate limit. | | `REACHED_MAX_DESCENDANT_PIPELINES_DEPTH` | A job that failed due to reached max descendant pipelines depth. | | `REACHED_MAX_PIPELINE_HIERARCHY_SIZE` | A job that failed due to reached max pipeline hierarchy size. | | `RUNNER_SYSTEM_FAILURE` | A job that failed due to runner system failure. | diff --git a/doc/api/integrations.md b/doc/api/integrations.md index 10395749a53..bf3ce9725a4 100644 --- a/doc/api/integrations.md +++ b/doc/api/integrations.md 
@@ -832,9 +832,13 @@ Get the Google Chat integration settings for a project. GET /projects/:id/integrations/hangouts-chat ``` -## Google Cloud Artifact Registry **(SAAS BETA)** +## Google Cloud Artifact Registry -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/425066) in GitLab 16.9 as a [Beta](../policy/experiment-beta-support.md) feature [with a flag](../administration/feature_flags.md) named `gcp_artifact_registry`. Disabled by default. +DETAILS: +**Offering:** SaaS +**Status:** Beta + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/425066) in GitLab 16.9 as a [Beta](../policy/experiment-beta-support.md) feature [with a flag](../administration/feature_flags.md) named `gcp_artifact_registry`. Disabled by default. FLAG: On GitLab.com, this feature is not available. The feature is not ready for production use. diff --git a/doc/development/permissions/custom_roles.md b/doc/development/permissions/custom_roles.md index 457fe5a5d8b..3337ccba0d1 100644 --- a/doc/development/permissions/custom_roles.md +++ b/doc/development/permissions/custom_roles.md @@ -191,6 +191,7 @@ security dashboard. | `group_ability` | yes | Boolean value to indicate whether this ability is checked on group level. | | `project_ability` | yes | Boolean value to whether this ability is checked on project level. | | `requirements` | no | The list of custom permissions this ability is dependent on. For instance `admin_vulnerability` is dependent on `read_vulnerability`. If none, then enter `[]` | +| `available_from_access_level` | no | The access level from which this ability is available, if applicable. See the section on [understanding logic for individual abilities](#understanding-logic-for-individual-abilities) for help on determining the base access level for an ability. | #### Step 2: Create a migration file @@ -258,7 +259,7 @@ end before do stub_licensed_features(custom_roles: true) - + sign_in(user) end 
@@ -292,7 +293,7 @@ end include GraphqlHelpers describe '#show' do - let(:mutation) { graphql_mutation(:my_mutation) } + let(:mutation) { graphql_mutation(:my_mutation) } it_behaves_like 'a working graphql query' end diff --git a/doc/user/application_security/dast/browser/checks/1004.1.md b/doc/user/application_security/dast/browser/checks/1004.1.md new file mode 100644 index 00000000000..737e9dcfd62 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/1004.1.md 
@@ -0,0 +1,41 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Sensitive cookie without HttpOnly attribute + +## Description + +The cookie was transmitted in a `Set-Cookie` header without the `HttpOnly` attribute set. +To prevent JavaScript being able to access the cookie value - usually via `document.cookies` - all +cookies that are used for authorization should have the `HttpOnly` attribute +set. + +## Remediation + +Most web application frameworks allow configuring how cookies are sent to user-agents. Consult your framework's +documentation for more information on how to enable various security directives when assigning cookies to clients. + +If the application is assigning cookies via writing to the response headers directly, ensure all responses include +the `HttpOnly` attribute. By enabling this protection, the application is able to mitigate the impact of +certain Cross-Site Scripting (XSS) attacks. + +Example: + +```http +Set-Cookie: {cookie_name}=; HttpOnly +``` + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 1004.1 | false | 1004 | Passive | Low | + +## Links + +- [OWASP](https://owasp.org/www-community/HttpOnly) +- [CWE](https://cwe.mitre.org/data/definitions/1004.html) +- [Mozilla MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies) diff --git a/doc/user/application_security/dast/browser/checks/113.1.md b/doc/user/application_security/dast/browser/checks/113.1.md new file mode 100644 index 00000000000..44c3be330f2 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/113.1.md 
@@ -0,0 +1,27 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Improper Neutralization of CRLF Sequences in HTTP Headers + +## Description + +By inserting Carriage Return / Line Feed (CRLF) characters, malicious users could potentially inject arbitrary data into HTTP responses. By modifying HTTP responses, attackers could conduct cross-site scripting or cache poisoning attacks against other users of the system. + +## Remediation + +User input should never be used in constructing HTTP header responses without some form +of validation against newlines. This includes URLs supplied by the user for HTTP redirects. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 113.1 | false | 113 | Active | high | + +## Links + +- [OWASP](https://owasp.org/www-community/attacks/HTTP_Response_Splitting) +- [CWE](https://cwe.mitre.org/data/definitions/113.html) diff --git a/doc/user/application_security/dast/browser/checks/16.1.md b/doc/user/application_security/dast/browser/checks/16.1.md new file mode 100644 index 00000000000..c225e3ce368 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.1.md 
@@ -0,0 +1,33 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Missing Content-Type header + +## Description + +The `Content-Type` header ensures that user agents correctly interpret the data being received. Without this header +being sent, the browser may misinterpret the data, leading to MIME confusion attacks. If an attacker were able +to upload files that are accessible by using a browser, they could upload files that may be interpreted as +HTML and so execute Cross-Site Scripting (XSS) attacks. + +## Remediation + +Ensure all resources return a proper `Content-Type` header that matches their format. As an example, +when returning JavaScript files, the response header should be: `Content-Type: application/javascript` + +For added protection, we recommend that all resources return the `X-Content-Type-Options: nosniff` +header to disable user agents from mis-interpreting resources. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.1 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [Mozilla Blog on MIME Confusion attacks](https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/) diff --git a/doc/user/application_security/dast/browser/checks/16.10.md b/doc/user/application_security/dast/browser/checks/16.10.md new file mode 100644 index 00000000000..9d6a7f85e20 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.10.md 
@@ -0,0 +1,30 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Content-Security-Policy violations + +## Description + +A `Content-Security-Policy` (CSP) was identified on the target site that is reporting violations when +attempting to load the page in a browser. This may cause disruption to your users when attempting to visit the page. + +## Remediation + +Review the violations to determine if any action is necessary. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.10 | true | 16 | Passive | Info | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html) +- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) +- [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/) +- [CSP Evaluator](https://csp-evaluator.withgoogle.com/) diff --git a/doc/user/application_security/dast/browser/checks/16.2.md b/doc/user/application_security/dast/browser/checks/16.2.md new file mode 100644 index 00000000000..2051b118009 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.2.md 
@@ -0,0 +1,44 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Server header exposes version information + +## Description + +The target website returns the `Server` header and version information of this website. By +exposing these values, attackers may attempt to identify if the target software is vulnerable to known +vulnerabilities, or catalog known sites running particular versions to exploit in the future when a +vulnerability is identified in the particular version. + +## Remediation + +We recommend that the version information be removed from the `Server` header. + +Apache: +For Apache based web sites, set the `ServerTokens` to `Prod` in the `httpd.conf` configuration file. + +NGINX: +For NGINX based websites, set the `server_tokens` configuration value to `off` in the `nginx.conf` file. + +IIS: +For IIS based websites version 10 and above you can use the `removeServerHeader` element to the `requestFiltering` +section of the `Web.config` file. + +For all other server types, please consult your product's documentation on how to redact the version information from +the `Server` header. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.2 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [Apache ServerTokens](https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/) +- [NGINX `server_tokens`](https://nginx.org/en/docs/http/ngx_http_core_module.html#server_tokens) +- [IIS 10 Remove Server Header](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/#attributes) 
diff --git a/doc/user/application_security/dast/browser/checks/16.3.md b/doc/user/application_security/dast/browser/checks/16.3.md new file mode 100644 index 00000000000..d1799baa517 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.3.md @@ -0,0 +1,35 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# X-Powered-By header exposes version information + +## Description + +The target website returns the `X-Powered-By` header and version information of this website. By +exposing these values, attackers may attempt to identify if the target software is vulnerable to known +vulnerabilities, or catalog known sites running particular versions to exploit in the future when a +vulnerability is identified in the particular version. + +## Remediation + +We recommend that the version information be removed from the `X-Powered-By` header. + +PHP: +For PHP based web sites, set the `expose_php` option to `off` in the `php.ini` configuration file. + +For all other server types, please consult your product's documentation on how to redact the version +information from the `X-Powered-By` header. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.3 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [PHP `expose_php`](https://www.php.net/manual/en/ini.core.php#ini.expose-php) diff --git a/doc/user/application_security/dast/browser/checks/16.4.md b/doc/user/application_security/dast/browser/checks/16.4.md new file mode 100644 index 00000000000..e6b4ba8627f --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.4.md 
@@ -0,0 +1,28 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# X-Backend-Server header exposes server information + +## Description + +The target website returns the `X-Backend-Server` header which includes potentially internal/hidden IP addresses +or hostnames. By exposing these values, attackers may attempt to circumvent security proxies and access these +hosts directly. + +## Remediation + +Consult your proxy/load balancer documentation or provider on how to disable revealing the +`X-Backend-Server` header value. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.4 | true | 16 | Passive | Info | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) diff --git a/doc/user/application_security/dast/browser/checks/16.5.md b/doc/user/application_security/dast/browser/checks/16.5.md new file mode 100644 index 00000000000..285cc753523 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.5.md 
@@ -0,0 +1,30 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# AspNet header exposes version information + +## Description + +The target website returns AspNet headers and version information of this website. By +exposing these values attackers may attempt to identify if the target software is vulnerable to known +vulnerabilities, or catalog known sites running particular versions to exploit in the future when a +vulnerability is identified in the particular version. + +## Remediation + +To remove the `X-AspNet-Version` header set `` in the `` +section of the `Web.config` file. + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.5 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [IIS Remove Unwanted Headers](https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710) diff --git a/doc/user/application_security/dast/browser/checks/16.6.md b/doc/user/application_security/dast/browser/checks/16.6.md new file mode 100644 index 00000000000..c6705b2ec7f --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.6.md 
@@ -0,0 +1,37 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# AspNetMvc header exposes version information + +## Description + +The target website returns AspNet headers along with version information of this website. By +exposing these values attackers may attempt to identify if the target software is vulnerable to known +vulnerabilities. Or catalog known sites running particular versions to exploit in the future when a +vulnerability is identified in the particular version. + +## Remediation + +To remove the `X-AspNetMvc-Version` information set `MvcHandler.DisableMvcResponseHeader = true;` in the +`Global.asax.cs` file in the `Application_Start()` method. + +```cs +protected void Application_Start() +{ + MvcHandler.DisableMvcResponseHeader = true; +} +``` + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.6 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [IIS Remove Unwanted Headers](https://techcommunity.microsoft.com/t5/iis-support-blog/remove-unwanted-http-response-headers/ba-p/369710) diff --git a/doc/user/application_security/dast/browser/checks/16.7.md b/doc/user/application_security/dast/browser/checks/16.7.md new file mode 100644 index 00000000000..d407234d2c2 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.7.md 
@@ -0,0 +1,41 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# Strict-Transport-Security header missing or invalid + +## Description + +The `Strict-Transport-Security` header was found to be missing or invalid. The `Strict-Transport-Security` +header allows web site operators to force communications to occur over a TLS connection. By enabling this +header, websites can protect their users from various forms of network eavesdropping or interception attacks. +While most browsers prevent mixed-content (loading resources from HTTP when navigating from an HTTPS site), +this header also ensures that all resource requests are only ever initiated over a secure transport. + +## Remediation + +Only three directives are applicable for the `Strict-Transport-Security` header. + +1. `max-age`: This required directive specifies how long (in seconds) after receiving the response it should communicate only over a secure transport. +1. `includeSubDomains`: This optional, valueless directive signals that the policy applies to this host as well as any subdomains found under this host's domain. +1. `preload`: While not part of the specification, setting this optional value allows major browser organizations to add this site into the browser's preloaded set of HTTPS sites. This requires further action on behalf of the website operator to submit their domain to the browser's HSTS preload list. See [hstspreload.org](https://hstspreload.org/) for more information. + +Note that invalid directives, or the `Strict-Transport-Security` header appearing more than once (if the values are +different) is considered invalid. 
+ +Prior to adding to this security configuration to your website, it is recommended you review the hstspreload.org [Deployment Recommendations](https://hstspreload.org/#deployment-recommendations). + +## Details + +| ID | Aggregated | CWE | Type | Risk | +|:---|:--------|:--------|:--------|:--------| +| 16.7 | true | 16 | Passive | Low | + +## Links + +- [CWE](https://cwe.mitre.org/data/definitions/16.html) +- [Deployment Recommendations](https://hstspreload.org/#deployment-recommendations) +- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html) +- [RFC](https://datatracker.ietf.org/doc/html/rfc6797) diff --git a/doc/user/application_security/dast/browser/checks/16.8.md b/doc/user/application_security/dast/browser/checks/16.8.md new file mode 100644 index 00000000000..b8faef75de7 --- /dev/null +++ b/doc/user/application_security/dast/browser/checks/16.8.md 
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Content-Security-Policy analysis
+
+## Description
+
+A missing or invalid `Content-Security-Policy` (CSP) was identified on the target site. CSP can aid in
+hardening a website against various client side attacks such as Cross-Site Scripting (XSS).
+
+## Remediation
+
+If the target site is missing a CSP, please investigate the relevant URLs for enabling CSP. Otherwise,
+follow the recommendations to determine if any actions are necessary.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 16.8 | true | 16 | Passive | Info |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/16.html)
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)
+- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
+- [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+- [CSP Evaluator](https://csp-evaluator.withgoogle.com/)
diff --git a/doc/user/application_security/dast/browser/checks/16.9.md b/doc/user/application_security/dast/browser/checks/16.9.md
new file mode 100644
index 00000000000..b0ba502b578
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/16.9.md
@@ -0,0 +1,32 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Content-Security-Policy-Report-Only analysis
+
+## Description
+
+A `Content-Security-Policy-Report-Only` (CSPRO) was identified on the target site. CSP-Report-Only headers
+aid in determining how to implement a `Content-Security-Policy` that does not disrupt normal use of the target
+site.
+
+## Remediation
+
+Follow the recommendations to determine if any actions are necessary to harden this `Content-Security-Policy-Report-Only`.
+After all alerts have been resolved, we recommend that this header be changed to `Content-Security-Policy`.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 16.9 | true | 16 | Passive | Info |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/16.html)
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)
+- [MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
+- [Content Security Policy Level 3](https://www.w3.org/TR/CSP3/)
+- [CSP Evaluator](https://csp-evaluator.withgoogle.com/)
diff --git a/doc/user/application_security/dast/browser/checks/200.1.md b/doc/user/application_security/dast/browser/checks/200.1.md
new file mode 100644
index 00000000000..c7c1e938678
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/200.1.md
@@ -0,0 +1,30 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of sensitive information to an unauthorized actor (private IP address)
+
+## Description
+
+A private RFC 1918/RFC 4193 address was identified in the target application. Public facing websites should not be issuing
+requests to private IP Addresses. Attackers attempting to execute subsequent attacks, such as Server-Side
+Request Forgery (SSRF), may be able to use this information to identify additional internal targets.
+
+## Remediation
+
+Identify the resource that is incorrectly specifying an internal IP address and replace it with it's public
+facing version, or remove the reference from the target application.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 200.1 | true | 200 | Passive | Low |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/200.html)
+- [RFC](https://datatracker.ietf.org/doc/html/rfc1918)
+- [RFC](https://datatracker.ietf.org/doc/html/rfc4193)
diff --git a/doc/user/application_security/dast/browser/checks/209.1.md b/doc/user/application_security/dast/browser/checks/209.1.md
new file mode 100644
index 00000000000..181595a279e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/209.1.md
@@ -0,0 +1,43 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Generation of error message containing sensitive information
+
+## Description
+
+The application was found to return error data such as stack traces. Depending on the data contained within the error message,
+this information could be used by an attacker to conduct further attacks. While stack traces are helpful during development
+and debugging, they should not be presented to users when an error occurs.
+
+## Remediation
+
+Applications should handle exception conditions internally and map known failure types to error codes that can be displayed
+to a user. These error codes should be customized to the application and returned along with the relevant HTTP error code.
+
+When an error occurs, the application identifies the error type or class, and displays a numerical value to the
+user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID.
+Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to
+determine the root cause of the error without leaking details to the end user.
+
+Example of returning customized errors:
+
+```plaintext
+HTTP/1.1 500 Internal Server Error
+...
+Error [0004] Occurred, please contact support or re-try your request again shortly.
+Request ID [a4bc91def12]
+...
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 209.1 | false | 209 | Passive | Low |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/209.html)
diff --git a/doc/user/application_security/dast/browser/checks/209.2.md b/doc/user/application_security/dast/browser/checks/209.2.md
new file mode 100644
index 00000000000..9906347f7b9
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/209.2.md
@@ -0,0 +1,43 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Generation of database error message containing sensitive information
+
+## Description
+
+The application was found to return database error messages. Determining the type of database may assist attackers in exploiting
+SQL Injection attacks against the system. While debug messages are helpful during development and debugging, they should not be
+presented to users when an error occurs.
+
+## Remediation
+
+Applications should handle database error conditions internally and map known failure types to error codes that can be displayed
+to a user. These error codes should be customized to the application and returned along with the relevant HTTP error code.
+
+When an error occurs, the application identifies the error type or class, and displays a numerical value to the
+user. Requests should also be tracked so when a user is presented with an error code, it has a corresponding request ID.
+Support teams can then correlate the HTTP error, the customized error code, and the request ID in the log files to
+determine the root cause of the error without leaking details to the end user.
+
+Example of returning customized errors:
+
+```plaintext
+HTTP/1.1 500 Internal Server Error
+...
+Error [0004] Occurred, please contact support or re-try your request again shortly.
+Request ID [a4bc91def12]
+...
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 209.2 | false | 209 | Passive | Low |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/209.html)
diff --git a/doc/user/application_security/dast/browser/checks/22.1.md b/doc/user/application_security/dast/browser/checks/22.1.md
new file mode 100644
index 00000000000..60a73b4248b
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/22.1.md
@@ -0,0 +1,38 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Improper limitation of a pathname to a restricted directory (Path traversal)
+
+## Description
+
+The vulnerability can be exploited by inserting a payload into a
+parameter on the URL endpoint which allows for reading arbitrary files.
+This could be used to read sensitive files, access other users data, or aid in
+exploitation to gain further system access.
+
+## Remediation
+
+User input should never be used in constructing paths or files for interacting
+with the filesystem. This includes filenames supplied by user uploads or downloads.
+
+If possible, consider hashing the filenames and reference the hashed filenames in
+a database or datastore instead of directly attempting to access filenames provided
+by users or other system components.
+
+In the rare cases that the application must work with filenames, use the language
+provided functionality to extract only the filename part of the supplied value.
+Never attempt to use the path or directory information that comes from user input.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 22.1 | false | 22 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/attacks/Path_Traversal)
+- [CWE](https://cwe.mitre.org/data/definitions/22.html)
diff --git a/doc/user/application_security/dast/browser/checks/287.1.md b/doc/user/application_security/dast/browser/checks/287.1.md
new file mode 100644
index 00000000000..d3d16d47677
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/287.1.md
@@ -0,0 +1,33 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Insecure authentication over HTTP (Basic Authentication)
+
+## Description
+
+The target application was found to authenticate users using the Basic Authentication scheme over HTTP.
+Basic Authentication base64 encodes the username and password and sends it in the `Authentication` header.
+Attackers who are in between the communication path (or on the same local network) of the client and server
+could use packet sniffers to read and decode the username and password.
+
+## Remediation
+
+If possible, switch to a more robust method to authenticate users such as OAuth 2.0, or storing usernames
+and passwords in a data store protected by the Argon2id algorithm. If Basic Authentication must be used,
+ensure credentials are only transmitted over secure channels such as HTTPS/TLS.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 287.1 | false | 287 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
+- [OAuth 2.0](https://oauth.net/2/)
+- [CWE-287](https://cwe.mitre.org/data/definitions/287.html)
+- [RFC](https://datatracker.ietf.org/doc/html/rfc7617)
diff --git a/doc/user/application_security/dast/browser/checks/287.2.md b/doc/user/application_security/dast/browser/checks/287.2.md
new file mode 100644
index 00000000000..9da22c66f84
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/287.2.md
@@ -0,0 +1,35 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Insecure authentication over HTTP (Digest Authentication)
+
+## Description
+
+The target application was found to authenticate users using the Digest Authentication scheme over HTTP.
+Digest Authentication uses an insecure hashing algorithm (MD5) to hash the username and password and sends
+it in the `Authentication` header. Attackers who are in between the communication path (or on the same
+local network) of the client and server could use packet sniffers to modify the server's response parameters
+to downgrade the security of the digest access authentication mode. Additionally, the server stores the
+hashed credentials, usually in a file called `.htpasswd`. Tools are readily available to crack these passwords.
+
+## Remediation
+
+If possible, switch to a more robust method to authenticate users such as OAuth 2.0, or storing usernames
+and passwords in a data store protected by the Argon2id algorithm. If Digest Authentication must be used,
+ensure credentials are only transmitted over secure channels such as HTTPS/TLS.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 287.2 | false | 287 | Passive | Low |
+
+## Links
+
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html)
+- [OAuth 2.0](https://oauth.net/2/)
+- [CWE-287](https://cwe.mitre.org/data/definitions/287.html)
+- [RFC](https://datatracker.ietf.org/doc/html/rfc2069)
diff --git a/doc/user/application_security/dast/browser/checks/319.1.md b/doc/user/application_security/dast/browser/checks/319.1.md
new file mode 100644
index 00000000000..6c68344505a
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/319.1.md
@@ -0,0 +1,37 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Mixed Content
+
+## Description
+
+The target application was found to request resources over insecure transport protocols (HTTP). This is usually due to HTML
+elements which load resources using the `http://` scheme instead of `https://`. It should be noted that most modern browsers
+block these requests automatically so there is limited risk.
+
+Some parts of the application may not behave correctly since these files are not being properly loaded.
+
+## Remediation
+
+Ensure all HTML elements which load resources from a URL (JavaScript, stylesheets, images, video and other media) are set to
+use the `https://` scheme instead of `http://`. Alternatively, developers may use the `//` scheme, which will only load resources
+over the same protocol that the originating page was loaded.
+
+A browser visiting the website `https://example.com` with the HTML loading a file using
+``, would ensure the `example.com/cdn/bundle.js` file was loaded over
+HTTPS.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 319.1 | true | 319 | Passive | Info |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/Insecure_Transport)
+- [CWE](https://cwe.mitre.org/data/definitions/319.html)
+- [MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Mixed_content)
diff --git a/doc/user/application_security/dast/browser/checks/352.1.md b/doc/user/application_security/dast/browser/checks/352.1.md
new file mode 100644
index 00000000000..46e3bb32ebe
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/352.1.md
@@ -0,0 +1,41 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Absence of anti-CSRF tokens
+
+## Description
+
+The application failed to protect against Cross-Site Request Forgery (CSRF) by using
+secure application tokens or `SameSite` cookie directives.
+
+The vulnerability can be exploited by an attacker creating a link or form on a third
+party site and tricking an authenticated victim to access them.
+
+## Remediation
+
+Consider setting all session cookies to have the `SameSite=Strict` attribute. However,
+it should be noted that this may impact usability when sharing links across other mediums.
+It is recommended that a two cookie based approach is taken, as outlined in the
+[Top level navigations](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-08#section-8.8.2) section
+of the RFC.
+
+If the application is using a common framework, there is a chance that Anti-CSRF protection
+is built in but needs to be enabled. Consult your application framework documentation for
+details.
+
+If neither of the above are applicable, it is **strongly** recommended that a third party library is used.
+Implementing a secure Anti-CSRF system is a significant investment and difficult to do correctly.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 352.1 | true | 352 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/attacks/csrf)
+- [CWE](https://cwe.mitre.org/data/definitions/352.html)
diff --git a/doc/user/application_security/dast/browser/checks/359.1.md b/doc/user/application_security/dast/browser/checks/359.1.md
new file mode 100644
index 00000000000..f7d9069731c
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/359.1.md
@@ -0,0 +1,34 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of Private Personal Information (PII) to an unauthorized actor (credit card)
+
+## Description
+
+The target application was found to return credit card information in the response. Organizations
+found returning such information may be in violation of industry regulations and could face fines.
+
+## Remediation
+
+PII such as credit cards should never be directly returned to the user. The majority of the information should masked except
+the last few digits or characters of the identifier. For example, credit card numbers should
+only return the last four digits: `****-****-****-1234`. Ensure this masking is done on the server
+and only then send the masked data back to the client. Do not rely on client side JavaScript or other methods
+to mask these values as the data could still be intercepted or unmasked.
+
+Additionally, credit card information should never be stored un-encrypted in files or databases.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 359.1 | true | 359 | Passive | Medium |
+
+## Links
+
+- [OWASP Top 10 A3 2017 - Sensitive Data Exposure](https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure)
+- [CWE](https://cwe.mitre.org/data/definitions/359.html)
+- [PCI-DSS](https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf)
diff --git a/doc/user/application_security/dast/browser/checks/359.2.md b/doc/user/application_security/dast/browser/checks/359.2.md
new file mode 100644
index 00000000000..d5428718171
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/359.2.md
@@ -0,0 +1,34 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number)
+
+## Description
+
+The target application was found to return social security number (SSN) information in the response. Organizations
+found returning such information may be in violation of (United States) state or federal laws and may face stiff penalties.
+
+## Remediation
+
+PII such as social security numbers should never be directly returned to the user. The majority of the information
+should masked except the last few digits or characters of the identifier. For example, social security numbers
+only be displayed with the last four digits: `***-**-1234`. Ensure this masking is done on the server
+and only then send the masked data back to the client. Do not rely on client side JavaScript or other methods
+to mask these values as the data could still be intercepted or unmasked.
+
+Additionally, social security numbers should never be stored un-encrypted in files or databases.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 359.2 | true | 359 | Passive | Medium |
+
+## Links
+
+- [OWASP Top 10 A3 2017 - Sensitive Data Exposure](https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure)
+- [CWE](https://cwe.mitre.org/data/definitions/359.html)
+- [Privacy Act (CMPPA)](https://www.ssa.gov/dataexchange/privacyinfo.html)
diff --git a/doc/user/application_security/dast/browser/checks/548.1.md b/doc/user/application_security/dast/browser/checks/548.1.md
new file mode 100644
index 00000000000..6cef8ccdb63
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/548.1.md
@@ -0,0 +1,45 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of information through directory listing
+
+## Description
+
+The target web server is configured to list the contents of directories that do not contain an index file
+such as `index.html`. This could lead to accidental exposure of sensitive information, or give an attacker
+details on how filenames and directories are structured and stored.
+
+## Remediation
+
+Directory indexing should be disabled.
+
+Apache:
+For Apache based web sites, ensure all `` definitions have `Options -Indexes` configured in the
+`apache2.conf` or `httpd.conf` configuration file.
+
+NGINX:
+For NGINX based websites, ensure all `location` definitions have the `autoindex off` directive set in the
+`nginx.conf` file.
+
+IIS:
+For IIS based websites version 7.0 and above you can use the `` element
+in the `applicationHost.config` or `Web.config` files.
+
+For all other server types, please consult your product's documentation on how to disable directory
+indexing.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 548.1 | false | 548 | Passive | Low |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/548.html)
+- [Apache Options](https://httpd.apache.org/docs/2.4/mod/core.html#options)
+- [NGINX `autoindex`](https://nginx.org/en/docs/http/ngx_http_autoindex_module.html)
+- [IIS `directoryBrowse` element](https://learn.microsoft.com/en-us/iis/configuration/system.webserver/directorybrowse)
diff --git a/doc/user/application_security/dast/browser/checks/598.1.md b/doc/user/application_security/dast/browser/checks/598.1.md
new file mode 100644
index 00000000000..21a28705c4e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/598.1.md
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Use of GET request method with sensitive query strings (session ID)
+
+## Description
+
+A session ID was identified in the request URL as well as a cookie value. Session
+IDs should not be sent in GET requests as they maybe captured by proxy systems, stored in
+browser history, or stored in log files. If an attacker were to get access to the session
+ID they would potentially be able to gain access to the target account.
+
+## Remediation
+
+As request headers are rarely logged or captured by third party systems, ensure session ID
+values are only sent in cookies (assigned via `Set-Cookie` response headers) and never sent
+in the request URL.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 598.1 | true | 598 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url)
+- [CWE](https://cwe.mitre.org/data/definitions/598.html)
diff --git a/doc/user/application_security/dast/browser/checks/598.2.md b/doc/user/application_security/dast/browser/checks/598.2.md
new file mode 100644
index 00000000000..2b7204b58df
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/598.2.md
@@ -0,0 +1,30 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Use of GET request method with sensitive query strings (password)
+
+## Description
+
+The user's password was identified in the request URL. Passwords should never be sent in GET
+requests as they maybe captured by proxy systems, stored in browser history, or stored in
+log files. If an attacker were to get access to these logs or logging systems, they would
+be able to gain access to the target account.
+
+## Remediation
+
+Passwords should never be sent in GET requests. When authenticating users or requesting users
+reset their passwords, always use `POST` requests to transmit sensitive data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 598.2 | true | 598 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url)
+- [CWE](https://cwe.mitre.org/data/definitions/598.html)
diff --git a/doc/user/application_security/dast/browser/checks/598.3.md b/doc/user/application_security/dast/browser/checks/598.3.md
new file mode 100644
index 00000000000..9a2e507af18
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/598.3.md
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Use of GET request method with sensitive query strings (Authorization header details)
+
+## Description
+
+The authorization header value was identified in the request URL. These headers typically contain
+usernames and passwords or JWT tokens. These values should never be sent in GET requests as they
+maybe captured by proxy systems, stored in browser history, or stored in log files. If an attacker
+were to get access to these logs or logging systems, they would be able to gain access to the
+target account.
+
+## Remediation
+
+Authorization header details should never be sent in GET requests. When transmitting sensitive information
+such as JWT tokens, always use `POST` requests or headers to transmit the sensitive data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 598.3 | true | 598 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url)
+- [CWE](https://cwe.mitre.org/data/definitions/598.html)
diff --git a/doc/user/application_security/dast/browser/checks/601.1.md b/doc/user/application_security/dast/browser/checks/601.1.md
new file mode 100644
index 00000000000..f9ca304dea8
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/601.1.md
@@ -0,0 +1,34 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# URL redirection to untrusted site ('open redirect')
+
+## Description
+
+This site was found to allow open redirects from user supplied input. Open redirects are commonly
+abused in phishing attacks where the original domain or URL looks like a legitimate link, but then
+redirects a user to a malicious site. An example would be
+`https://example.com/redirect?url=https://%62%61%64%2e%63%6f%6d%2f%66%61%6b%65%6c%6f%67%69%6e` which,
+when decoded turns into `bad.com/fakelogin`.
+
+## Remediation
+
+Never redirect a client based on user input found in a `GET` request. It is recommended that the list
+of target links to redirect a user to are contained server side, and retrieved using a numerical value
+as an index to return the link to be redirected to. For example, `/redirect?id=1` would cause the
+application to look up the `1` index and return a URL such as `https://example.com`. This URL would
+then be used to redirect the user, using the 301 response code and `Location` header.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 601.1 | true | 601 | Passive | Low |
+
+## Links
+
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html)
+- [CWE](https://cwe.mitre.org/data/definitions/601.html)
diff --git a/doc/user/application_security/dast/browser/checks/611.1.md b/doc/user/application_security/dast/browser/checks/611.1.md
new file mode 100644
index 00000000000..49ef449f8b0
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/611.1.md
@@ -0,0 +1,31 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# External XML Entity Injection (XXE)
+
+## Description
+
+It is possible to cause the application's XML parser to include external resources.
+This can include files or in some circumstances initiate requests to third party
+servers.
+
+## Remediation
+
+Consult the documentation for the XML Parser used by the target application for security
+guidelines and hardening steps. It is recommended that all XML parsers disable external
+entity resolution and XML `xinclude` features. Most XML parsers based on `libxml` can also be
+configured to disable network access.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 611.1 | false | 611 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing)
+- [CWE](https://cwe.mitre.org/data/definitions/611.html)
diff --git a/doc/user/application_security/dast/browser/checks/614.1.md b/doc/user/application_security/dast/browser/checks/614.1.md
new file mode 100644
index 00000000000..00f51ceea06
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/614.1.md
@@ -0,0 +1,40 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Sensitive cookie without Secure attribute
+
+## Description
+
+The cookie was transmitted in a `Set-Cookie` response without the `Secure` attribute set.
+To prevent sensitive cookie values being accidentally transmitted over clear-text HTTP we
+recommended that cookies are declared with the `Secure` attribute.
+
+## Remediation
+
+Most web application frameworks allow configuring how cookies are sent to user agents. Consult your framework's
+documentation for more information on how to enable various security attributes when assigning cookies to clients.
+
+If the application is assigning cookies via writing to the response headers directly, ensure all responses include
+the `Secure` attribute. By enabling this protection, the application will no longer send sensitive cookies over
+HTTP.
+
+Example:
+
+```http
+Set-Cookie: {cookie_name}=; Secure
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 614.1 | false | 614 | Passive | Low |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/controls/SecureCookieAttribute)
+- [CWE](https://cwe.mitre.org/data/definitions/614.html)
+- [Mozilla MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies)
diff --git a/doc/user/application_security/dast/browser/checks/693.1.md b/doc/user/application_security/dast/browser/checks/693.1.md
new file mode 100644
index 00000000000..7dc09d3f2d7
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/693.1.md
@@ -0,0 +1,36 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Missing X-Content-Type-Options: nosniff
+
+## Description
+
+The `X-Content-Type-Options` header with the value `nosniff` ensures that user agents do not attempt to
+guess the format of the data being received. User Agents such as browsers, commonly attempt to guess
+what the resource type being requested is, through a process called MIME type sniffing.
+
+Without this header being sent, the browser may misinterpret the data, leading to MIME confusion attacks.
+If an attacker were able to upload files that are accessible by using a browser, they could upload files
+that could be interpreted as HTML and execute Cross-Site Scripting (XSS) attacks.
+
+## Remediation
+
+We recommend that the header and value of `X-Content-Type-Options: nosniff` be set server wide.
+This ensures any resources that are mistakenly missing a `Content-Type` value are not
+misinterpreted.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 693.1 | true | 693 | Passive | Low |
+
+## Links
+
+- [OWASP](https://owasp.org/www-project-secure-headers/#x-content-type-options)
+- [CWE](https://cwe.mitre.org/data/definitions/693.html)
+- [Mozilla Blog on MIME Confusion attacks](https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/)
+- [Mozilla MDN on X-Content-Type-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options)
diff --git a/doc/user/application_security/dast/browser/checks/798.1.md b/doc/user/application_security/dast/browser/checks/798.1.md
new file mode 100644
index 00000000000..2697cd1b1ec
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.1.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adafruit API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Adafruit API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.1 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.10.md b/doc/user/application_security/dast/browser/checks/798.10.md
new file mode 100644
index 00000000000..ceee9c28fd1
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.10.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Asana Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Asana Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.10 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.100.md b/doc/user/application_security/dast/browser/checks/798.100.md
new file mode 100644
index 00000000000..2c14dab9f30
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.100.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sendbird Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Sendbird Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.100 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.101.md b/doc/user/application_security/dast/browser/checks/798.101.md
new file mode 100644
index 00000000000..e4c277c1bb5
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.101.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SendGrid API token
+
+## Description
+
+The response body contains content that matches the pattern of a SendGrid API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.101 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.102.md b/doc/user/application_security/dast/browser/checks/798.102.md
new file mode 100644
index 00000000000..303010d4bc5
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.102.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sendinblue API token
+
+## Description
+
+The response body contains content that matches the pattern of a Sendinblue API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.102 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.103.md b/doc/user/application_security/dast/browser/checks/798.103.md
new file mode 100644
index 00000000000..0524a50be7b
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.103.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sentry Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Sentry Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.103 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.104.md b/doc/user/application_security/dast/browser/checks/798.104.md
new file mode 100644
index 00000000000..6e806e8cf6e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.104.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shippo API token
+
+## Description
+
+The response body contains content that matches the pattern of a Shippo API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.104 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.105.md b/doc/user/application_security/dast/browser/checks/798.105.md
new file mode 100644
index 00000000000..162d8533320
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.105.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.105 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.106.md b/doc/user/application_security/dast/browser/checks/798.106.md
new file mode 100644
index 00000000000..177803b9196
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.106.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify custom access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify custom access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.106 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.107.md b/doc/user/application_security/dast/browser/checks/798.107.md
new file mode 100644
index 00000000000..5241a6e9d09
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.107.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify private app access token
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify private app access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.107 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.108.md b/doc/user/application_security/dast/browser/checks/798.108.md
new file mode 100644
index 00000000000..c6863ac4757
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.108.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Shopify shared secret
+
+## Description
+
+The response body contains content that matches the pattern of a Shopify shared secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.108 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.109.md b/doc/user/application_security/dast/browser/checks/798.109.md
new file mode 100644
index 00000000000..bfb82e6640f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.109.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Slack token
+
+## Description
+
+The response body contains content that matches the pattern of a Slack token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.109 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.11.md b/doc/user/application_security/dast/browser/checks/798.11.md
new file mode 100644
index 00000000000..fd54560db79
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.11.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Atlassian API token
+
+## Description
+
+The response body contains content that matches the pattern of a Atlassian API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.11 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.110.md b/doc/user/application_security/dast/browser/checks/798.110.md
new file mode 100644
index 00000000000..7a68284fae4
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.110.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Slack Webhook
+
+## Description
+
+The response body contains content that matches the pattern of a Slack Webhook.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.110 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.111.md b/doc/user/application_security/dast/browser/checks/798.111.md
new file mode 100644
index 00000000000..0804613ee48
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.111.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Stripe
+
+## Description
+
+The response body contains content that matches the pattern of a Stripe.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.111 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.112.md b/doc/user/application_security/dast/browser/checks/798.112.md
new file mode 100644
index 00000000000..2570e39357a
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.112.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Square Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Square Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.112 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.113.md b/doc/user/application_security/dast/browser/checks/798.113.md
new file mode 100644
index 00000000000..c445a9f48b0
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.113.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Squarespace Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Squarespace Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.113 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.114.md b/doc/user/application_security/dast/browser/checks/798.114.md
new file mode 100644
index 00000000000..7afe862231d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.114.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SumoLogic Access ID
+
+## Description
+
+The response body contains content that matches the pattern of a SumoLogic Access ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.114 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.115.md b/doc/user/application_security/dast/browser/checks/798.115.md
new file mode 100644
index 00000000000..dc305c61c30
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.115.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token SumoLogic Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a SumoLogic Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.115 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.116.md b/doc/user/application_security/dast/browser/checks/798.116.md
new file mode 100644
index 00000000000..54d97f90b47
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.116.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Travis CI Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Travis CI Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.116 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.117.md b/doc/user/application_security/dast/browser/checks/798.117.md
new file mode 100644
index 00000000000..ff4b1299d32
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.117.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twilio API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Twilio API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.117 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.118.md b/doc/user/application_security/dast/browser/checks/798.118.md
new file mode 100644
index 00000000000..dc4121e23ba
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.118.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitch API token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitch API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.118 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.119.md b/doc/user/application_security/dast/browser/checks/798.119.md
new file mode 100644
index 00000000000..df470195454
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.119.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.119 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.12.md b/doc/user/application_security/dast/browser/checks/798.12.md
new file mode 100644
index 00000000000..8cfe5f1cf2f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.12.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token AWS
+
+## Description
+
+The response body contains content that matches the pattern of a AWS.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.12 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.120.md b/doc/user/application_security/dast/browser/checks/798.120.md
new file mode 100644
index 00000000000..986af1901a4
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.120.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter API Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter API Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.120 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.121.md b/doc/user/application_security/dast/browser/checks/798.121.md
new file mode 100644
index 00000000000..c2301d49bbb
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.121.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.121 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.122.md b/doc/user/application_security/dast/browser/checks/798.122.md
new file mode 100644
index 00000000000..442c1bd09ba
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.122.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Access Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Access Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.122 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.123.md b/doc/user/application_security/dast/browser/checks/798.123.md
new file mode 100644
index 00000000000..b21c00fb547
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.123.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Twitter Bearer Token
+
+## Description
+
+The response body contains content that matches the pattern of a Twitter Bearer Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.123 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.124.md b/doc/user/application_security/dast/browser/checks/798.124.md
new file mode 100644
index 00000000000..3d1e7875848
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.124.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Typeform API token
+
+## Description
+
+The response body contains content that matches the pattern of a Typeform API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.124 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.125.md b/doc/user/application_security/dast/browser/checks/798.125.md
new file mode 100644
index 00000000000..41217655721
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.125.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.125 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.126.md b/doc/user/application_security/dast/browser/checks/798.126.md
new file mode 100644
index 00000000000..bfb48d4e3eb
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.126.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex AWS Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex AWS Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.126 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.127.md b/doc/user/application_security/dast/browser/checks/798.127.md
new file mode 100644
index 00000000000..8df930ffb07
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.127.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Yandex Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Yandex Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.127 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.128.md b/doc/user/application_security/dast/browser/checks/798.128.md
new file mode 100644
index 00000000000..2bee2604870
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.128.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Zendesk Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Zendesk Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.128 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.13.md b/doc/user/application_security/dast/browser/checks/798.13.md
new file mode 100644
index 00000000000..83e45dedecb
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.13.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bitbucket Client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Bitbucket Client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.13 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.14.md b/doc/user/application_security/dast/browser/checks/798.14.md
new file mode 100644
index 00000000000..eb800c510c8
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.14.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bitbucket Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Bitbucket Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.14 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.15.md b/doc/user/application_security/dast/browser/checks/798.15.md
new file mode 100644
index 00000000000..f9e01799b63
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.15.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bittrex Access Key
+
+## Description
+
+The response body contains content that matches the pattern of a Bittrex Access Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.15 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.16.md b/doc/user/application_security/dast/browser/checks/798.16.md
new file mode 100644
index 00000000000..92fbb490d12
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.16.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Bittrex Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Bittrex Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.16 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.17.md b/doc/user/application_security/dast/browser/checks/798.17.md
new file mode 100644
index 00000000000..a020c55d2be
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.17.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Beamer API token
+
+## Description
+
+The response body contains content that matches the pattern of a Beamer API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.17 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.18.md b/doc/user/application_security/dast/browser/checks/798.18.md
new file mode 100644
index 00000000000..16b7e384462
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.18.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Codecov Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Codecov Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.18 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.19.md b/doc/user/application_security/dast/browser/checks/798.19.md
new file mode 100644
index 00000000000..6ec04f2a011
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.19.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Coinbase Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Coinbase Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.19 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.2.md b/doc/user/application_security/dast/browser/checks/798.2.md
new file mode 100644
index 00000000000..18fe524cb08
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.2.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adobe Client ID (OAuth Web)
+
+## Description
+
+The response body contains content that matches the pattern of a Adobe Client ID (OAuth Web).
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.2 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.20.md b/doc/user/application_security/dast/browser/checks/798.20.md
new file mode 100644
index 00000000000..22d750dfdfb
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.20.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Clojars API token
+
+## Description
+
+The response body contains content that matches the pattern of a Clojars API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.20 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.21.md b/doc/user/application_security/dast/browser/checks/798.21.md
new file mode 100644
index 00000000000..e38a540a253
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.21.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Confluent Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Confluent Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.21 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.22.md b/doc/user/application_security/dast/browser/checks/798.22.md
new file mode 100644
index 00000000000..55d39c47428
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.22.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Confluent Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Confluent Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.22 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.23.md b/doc/user/application_security/dast/browser/checks/798.23.md
new file mode 100644
index 00000000000..967e41d656d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.23.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Contentful delivery API token
+
+## Description
+
+The response body contains content that matches the pattern of a Contentful delivery API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.23 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.24.md b/doc/user/application_security/dast/browser/checks/798.24.md
new file mode 100644
index 00000000000..65db9b1f5d7
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.24.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Databricks API token
+
+## Description
+
+The response body contains content that matches the pattern of a Databricks API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.24 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.25.md b/doc/user/application_security/dast/browser/checks/798.25.md
new file mode 100644
index 00000000000..db7a22c31e2
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.25.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Datadog Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Datadog Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.25 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.26.md b/doc/user/application_security/dast/browser/checks/798.26.md
new file mode 100644
index 00000000000..989a9787c04
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.26.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord API key
+
+## Description
+
+The response body contains content that matches the pattern of a Discord API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.26 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.27.md b/doc/user/application_security/dast/browser/checks/798.27.md
new file mode 100644
index 00000000000..f17f6bf1c56
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.27.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Discord client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.27 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.28.md b/doc/user/application_security/dast/browser/checks/798.28.md
new file mode 100644
index 00000000000..6d063c39d2b
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.28.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Discord client secret
+
+## Description
+
+The response body contains content that matches the pattern of a Discord client secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.28 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.29.md b/doc/user/application_security/dast/browser/checks/798.29.md
new file mode 100644
index 00000000000..5c082b2aac0
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.29.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Doppler API token
+
+## Description
+
+The response body contains content that matches the pattern of a Doppler API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.29 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.3.md b/doc/user/application_security/dast/browser/checks/798.3.md
new file mode 100644
index 00000000000..e6cfb13d114
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.3.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Adobe Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Adobe Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.3 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.30.md b/doc/user/application_security/dast/browser/checks/798.30.md
new file mode 100644
index 00000000000..618d2cdafdd
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.30.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox API secret
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox API secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.30 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.31.md b/doc/user/application_security/dast/browser/checks/798.31.md
new file mode 100644
index 00000000000..d35e9c91f0f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.31.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox long lived API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox long lived API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.31 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.32.md b/doc/user/application_security/dast/browser/checks/798.32.md
new file mode 100644
index 00000000000..30e38c36959
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.32.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dropbox short lived API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dropbox short lived API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.32 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.33.md b/doc/user/application_security/dast/browser/checks/798.33.md
new file mode 100644
index 00000000000..4761ac9d157
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.33.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Drone CI Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Drone CI Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.33 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.34.md b/doc/user/application_security/dast/browser/checks/798.34.md
new file mode 100644
index 00000000000..5323a026257
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.34.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Duffel API token
+
+## Description
+
+The response body contains content that matches the pattern of a Duffel API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.34 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.35.md b/doc/user/application_security/dast/browser/checks/798.35.md
new file mode 100644
index 00000000000..16aa601674e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.35.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Dynatrace API token
+
+## Description
+
+The response body contains content that matches the pattern of a Dynatrace API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.35 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.36.md b/doc/user/application_security/dast/browser/checks/798.36.md
new file mode 100644
index 00000000000..24827bc66fa
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.36.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token EasyPost API token
+
+## Description
+
+The response body contains content that matches the pattern of a EasyPost API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.36 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.37.md b/doc/user/application_security/dast/browser/checks/798.37.md
new file mode 100644
index 00000000000..4f3ca41e0ea
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.37.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token EasyPost test API token
+
+## Description
+
+The response body contains content that matches the pattern of a EasyPost test API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.37 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.38.md b/doc/user/application_security/dast/browser/checks/798.38.md
new file mode 100644
index 00000000000..b8a6ea5b237
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.38.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Etsy Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Etsy Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.38 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.39.md b/doc/user/application_security/dast/browser/checks/798.39.md
new file mode 100644
index 00000000000..1cad4237cfe
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.39.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Facebook
+
+## Description
+
+The response body contains content that matches the pattern of a Facebook.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.39 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.4.md b/doc/user/application_security/dast/browser/checks/798.4.md
new file mode 100644
index 00000000000..30e0c34c960
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.4.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Age secret key
+
+## Description
+
+The response body contains content that matches the pattern of a Age secret key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.4 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.40.md b/doc/user/application_security/dast/browser/checks/798.40.md
new file mode 100644
index 00000000000..7ea8df02055
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.40.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Fastly API key
+
+## Description
+
+The response body contains content that matches the pattern of a Fastly API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.40 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.41.md b/doc/user/application_security/dast/browser/checks/798.41.md
new file mode 100644
index 00000000000..8e5eb3e8f43
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.41.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finicity Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Finicity Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.41 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.42.md b/doc/user/application_security/dast/browser/checks/798.42.md
new file mode 100644
index 00000000000..5ff876021ef
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.42.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finicity API token
+
+## Description
+
+The response body contains content that matches the pattern of a Finicity API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.42 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.43.md b/doc/user/application_security/dast/browser/checks/798.43.md
new file mode 100644
index 00000000000..44a8e5d44b1
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.43.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flickr Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Flickr Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.43 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.44.md b/doc/user/application_security/dast/browser/checks/798.44.md
new file mode 100644
index 00000000000..5cebcb5c93d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.44.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Finnhub Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Finnhub Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.44 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.46.md b/doc/user/application_security/dast/browser/checks/798.46.md
new file mode 100644
index 00000000000..c71eacbee34
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.46.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flutterwave Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Flutterwave Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.46 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.47.md b/doc/user/application_security/dast/browser/checks/798.47.md
new file mode 100644
index 00000000000..24cf3a02121
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.47.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Flutterwave Encryption Key
+
+## Description
+
+The response body contains content that matches the pattern of a Flutterwave Encryption Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.47 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.48.md b/doc/user/application_security/dast/browser/checks/798.48.md
new file mode 100644
index 00000000000..f8778c2b0ba
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.48.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Frame.io API token
+
+## Description
+
+The response body contains content that matches the pattern of a Frame.io API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.48 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.49.md b/doc/user/application_security/dast/browser/checks/798.49.md
new file mode 100644
index 00000000000..41a3e8ace3d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.49.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token FreshBooks Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a FreshBooks Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.49 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.5.md b/doc/user/application_security/dast/browser/checks/798.5.md
new file mode 100644
index 00000000000..03afbecb820
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.5.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Airtable API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Airtable API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.5 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.50.md b/doc/user/application_security/dast/browser/checks/798.50.md
new file mode 100644
index 00000000000..0542a00ff71
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.50.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GoCardless API token
+
+## Description
+
+The response body contains content that matches the pattern of a GoCardless API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.50 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.52.md b/doc/user/application_security/dast/browser/checks/798.52.md
new file mode 100644
index 00000000000..78864a51172
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.52.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub Personal Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub Personal Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.52 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.53.md b/doc/user/application_security/dast/browser/checks/798.53.md
new file mode 100644
index 00000000000..37ef66ec726
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.53.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub OAuth Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub OAuth Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.53 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.54.md b/doc/user/application_security/dast/browser/checks/798.54.md
new file mode 100644
index 00000000000..bf8ab699f9d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.54.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub App Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub App Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.54 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.55.md b/doc/user/application_security/dast/browser/checks/798.55.md
new file mode 100644
index 00000000000..0e7528ba008
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.55.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitHub Refresh Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitHub Refresh Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.55 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.56.md b/doc/user/application_security/dast/browser/checks/798.56.md
new file mode 100644
index 00000000000..6c9e4bbfd9a
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.56.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token GitLab Personal Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a GitLab Personal Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.56 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.57.md b/doc/user/application_security/dast/browser/checks/798.57.md
new file mode 100644
index 00000000000..d0c700c8662
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.57.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Gitter Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Gitter Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.57 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.58.md b/doc/user/application_security/dast/browser/checks/798.58.md
new file mode 100644
index 00000000000..86396d00ba1
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.58.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token HashiCorp Terraform user/org API token
+
+## Description
+
+The response body contains content that matches the pattern of a HashiCorp Terraform user/org API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.58 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.59.md b/doc/user/application_security/dast/browser/checks/798.59.md
new file mode 100644
index 00000000000..471ece22913
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.59.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Heroku API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Heroku API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.59 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.6.md b/doc/user/application_security/dast/browser/checks/798.6.md
new file mode 100644
index 00000000000..cfdfa706c15
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.6.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Algolia API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Algolia API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.6 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.60.md b/doc/user/application_security/dast/browser/checks/798.60.md
new file mode 100644
index 00000000000..bdfe162e615
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.60.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token HubSpot API Token
+
+## Description
+
+The response body contains content that matches the pattern of a HubSpot API Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.60 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.61.md b/doc/user/application_security/dast/browser/checks/798.61.md
new file mode 100644
index 00000000000..c359dd9cc90
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.61.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Intercom API Token
+
+## Description
+
+The response body contains content that matches the pattern of a Intercom API Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.61 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.62.md b/doc/user/application_security/dast/browser/checks/798.62.md
new file mode 100644
index 00000000000..0d34ab89508
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.62.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Kraken Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Kraken Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.62 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.63.md b/doc/user/application_security/dast/browser/checks/798.63.md
new file mode 100644
index 00000000000..e065750150d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.63.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Kucoin Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Kucoin Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.63 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.64.md b/doc/user/application_security/dast/browser/checks/798.64.md
new file mode 100644
index 00000000000..12cd11d8d79
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.64.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Kucoin Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Kucoin Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.64 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.65.md b/doc/user/application_security/dast/browser/checks/798.65.md
new file mode 100644
index 00000000000..083bfec3350
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.65.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token LaunchDarkly Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a LaunchDarkly Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.65 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.66.md b/doc/user/application_security/dast/browser/checks/798.66.md
new file mode 100644
index 00000000000..c83eaba8d29
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.66.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Linear API Token
+
+## Description
+
+The response body contains content that matches the pattern of a Linear API Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.66 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.67.md b/doc/user/application_security/dast/browser/checks/798.67.md
new file mode 100644
index 00000000000..8b39f42d090
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.67.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Linear Client Secret
+
+## Description
+
+The response body contains content that matches the pattern of a Linear Client Secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.67 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.68.md b/doc/user/application_security/dast/browser/checks/798.68.md
new file mode 100644
index 00000000000..54a2e418cd2
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.68.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token LinkedIn Client ID
+
+## Description
+
+The response body contains content that matches the pattern of a LinkedIn Client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.68 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.69.md b/doc/user/application_security/dast/browser/checks/798.69.md
new file mode 100644
index 00000000000..0a341f494fc
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.69.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token LinkedIn Client secret
+
+## Description
+
+The response body contains content that matches the pattern of a LinkedIn Client secret.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.69 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.7.md b/doc/user/application_security/dast/browser/checks/798.7.md
new file mode 100644
index 00000000000..2989c68a311
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.7.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Alibaba AccessKey ID
+
+## Description
+
+The response body contains content that matches the pattern of a Alibaba AccessKey ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.7 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.70.md b/doc/user/application_security/dast/browser/checks/798.70.md
new file mode 100644
index 00000000000..cfd1660bd7f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.70.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Lob API Key
+
+## Description
+
+The response body contains content that matches the pattern of a Lob API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.70 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.72.md b/doc/user/application_security/dast/browser/checks/798.72.md
new file mode 100644
index 00000000000..c89fb2bf8c6
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.72.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Mailchimp API key
+
+## Description
+
+The response body contains content that matches the pattern of a Mailchimp API key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.72 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.74.md b/doc/user/application_security/dast/browser/checks/798.74.md
new file mode 100644
index 00000000000..94d17b2c1be
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.74.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Mailgun private API token
+
+## Description
+
+The response body contains content that matches the pattern of a Mailgun private API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.74 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.75.md b/doc/user/application_security/dast/browser/checks/798.75.md
new file mode 100644
index 00000000000..e2a764bf826
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.75.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Mailgun webhook signing key
+
+## Description
+
+The response body contains content that matches the pattern of a Mailgun webhook signing key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.75 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.77.md b/doc/user/application_security/dast/browser/checks/798.77.md
new file mode 100644
index 00000000000..f79b6645b26
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.77.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Mattermost Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Mattermost Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.77 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.78.md b/doc/user/application_security/dast/browser/checks/798.78.md
new file mode 100644
index 00000000000..b2c73b54562
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.78.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token MessageBird API token
+
+## Description
+
+The response body contains content that matches the pattern of a MessageBird API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.78 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.8.md b/doc/user/application_security/dast/browser/checks/798.8.md
new file mode 100644
index 00000000000..3b99bae1f4e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.8.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Alibaba Secret Key
+
+## Description
+
+The response body contains content that matches the pattern of a Alibaba Secret Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.8 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.80.md b/doc/user/application_security/dast/browser/checks/798.80.md
new file mode 100644
index 00000000000..9a18a21d5d1
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.80.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Netlify Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Netlify Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.80 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.81.md b/doc/user/application_security/dast/browser/checks/798.81.md
new file mode 100644
index 00000000000..fef989c0bbf
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.81.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token New Relic user API Key
+
+## Description
+
+The response body contains content that matches the pattern of a New Relic user API Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.81 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.82.md b/doc/user/application_security/dast/browser/checks/798.82.md
new file mode 100644
index 00000000000..23ebba1641e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.82.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token New Relic user API ID
+
+## Description
+
+The response body contains content that matches the pattern of a New Relic user API ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.82 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.83.md b/doc/user/application_security/dast/browser/checks/798.83.md
new file mode 100644
index 00000000000..3f36e78cfda
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.83.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token New Relic ingest browser API token
+
+## Description
+
+The response body contains content that matches the pattern of a New Relic ingest browser API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.83 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.84.md b/doc/user/application_security/dast/browser/checks/798.84.md
new file mode 100644
index 00000000000..69f4c1249b4
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.84.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token npm access token
+
+## Description
+
+The response body contains content that matches the pattern of a npm access token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.84 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.86.md b/doc/user/application_security/dast/browser/checks/798.86.md
new file mode 100644
index 00000000000..700ed99ebc5
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.86.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Okta Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a Okta Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.86 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.87.md b/doc/user/application_security/dast/browser/checks/798.87.md
new file mode 100644
index 00000000000..3fb1fe4a857
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.87.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Plaid Client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Plaid Client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.87 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.88.md b/doc/user/application_security/dast/browser/checks/798.88.md
new file mode 100644
index 00000000000..6d143dce5fa
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.88.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Plaid Secret key
+
+## Description
+
+The response body contains content that matches the pattern of a Plaid Secret key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.88 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.89.md b/doc/user/application_security/dast/browser/checks/798.89.md
new file mode 100644
index 00000000000..123f2730b30
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.89.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Plaid API Token
+
+## Description
+
+The response body contains content that matches the pattern of a Plaid API Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.89 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.9.md b/doc/user/application_security/dast/browser/checks/798.9.md
new file mode 100644
index 00000000000..a86f8241bf7
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.9.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Asana Client ID
+
+## Description
+
+The response body contains content that matches the pattern of a Asana Client ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.9 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.90.md b/doc/user/application_security/dast/browser/checks/798.90.md
new file mode 100644
index 00000000000..884fca83dd3
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.90.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token PlanetScale password
+
+## Description
+
+The response body contains content that matches the pattern of a PlanetScale password.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.90 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.91.md b/doc/user/application_security/dast/browser/checks/798.91.md
new file mode 100644
index 00000000000..bfccaf3262d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.91.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token PlanetScale API token
+
+## Description
+
+The response body contains content that matches the pattern of a PlanetScale API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.91 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.92.md b/doc/user/application_security/dast/browser/checks/798.92.md
new file mode 100644
index 00000000000..ceec84a3fe8
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.92.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token PlanetScale OAuth token
+
+## Description
+
+The response body contains content that matches the pattern of a PlanetScale OAuth token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.92 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.93.md b/doc/user/application_security/dast/browser/checks/798.93.md
new file mode 100644
index 00000000000..1d67a889d1a
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.93.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Postman API token
+
+## Description
+
+The response body contains content that matches the pattern of a Postman API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.93 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.94.md b/doc/user/application_security/dast/browser/checks/798.94.md
new file mode 100644
index 00000000000..aedeabce11c
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.94.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Private Key
+
+## Description
+
+The response body contains content that matches the pattern of a Private Key.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.94 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.95.md b/doc/user/application_security/dast/browser/checks/798.95.md
new file mode 100644
index 00000000000..fa34f58a48e
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.95.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Pulumi API token
+
+## Description
+
+The response body contains content that matches the pattern of a Pulumi API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.95 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.96.md b/doc/user/application_security/dast/browser/checks/798.96.md
new file mode 100644
index 00000000000..de93a54ec63
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.96.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token PyPI upload token
+
+## Description
+
+The response body contains content that matches the pattern of a PyPI upload token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.96 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.97.md b/doc/user/application_security/dast/browser/checks/798.97.md
new file mode 100644
index 00000000000..711288eba9c
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.97.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token RubyGems API token
+
+## Description
+
+The response body contains content that matches the pattern of a RubyGems API token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.97 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.98.md b/doc/user/application_security/dast/browser/checks/798.98.md
new file mode 100644
index 00000000000..08460c09520
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.98.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token RapidAPI Access Token
+
+## Description
+
+The response body contains content that matches the pattern of a RapidAPI Access Token.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.98 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/798.99.md b/doc/user/application_security/dast/browser/checks/798.99.md
new file mode 100644
index 00000000000..b43bf291cc0
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/798.99.md
@@ -0,0 +1,26 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Exposure of confidential secret or token Sendbird Access ID
+
+## Description
+
+The response body contains content that matches the pattern of a Sendbird Access ID.
+Exposing this value could allow attackers to gain access to all resources granted by this token.
+
+## Remediation
+
+Review the response body content and remove any exposed values.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 798.99 | false | 798 | Passive | High |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/798.html)
diff --git a/doc/user/application_security/dast/browser/checks/829.1.md b/doc/user/application_security/dast/browser/checks/829.1.md
new file mode 100644
index 00000000000..7df250c2047
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/829.1.md
@@ -0,0 +1,48 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Inclusion of Functionality from Untrusted Control Sphere
+
+## Description
+
+JavaScript or CSS source files are included from third party domains without
+[Sub-Resource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).
+If an attacker were to compromise the sites hosting these third party resources, they could inject malicious
+script or CSS data in an attempt to compromise users of your application. However, if SRI was applied and an
+attacker attempted to modify the contents of the script, the browser would not load the script and your
+applications users would be protected from the malicious alterations.
+
+## Remediation
+
+All identified resources should be sourced from the same domain as the target application. If this is not
+possible, it is strongly recommended that all `script` tags that implement `src` values, or `link` tags
+that implement the `href` values include Sub-Resource Integrity. To generate SRI integrity values the
+[SRI hash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
+
+- `cat FILENAME.js | openssl dgst -sha384 -binary | openssl base64 -A`
+- `shasum -b -a 384 FILENAME.js | awk '{ print $1 }' | xxd -r -p | base64`
+
+The output of these tools must be added as additional attributes, in particular: `integrity` and either
+`crossorigin=anonymous` or `crossorigin=use-credentials`.
+An example of a valid SRI protected script tag can be found below:
+
+```html
+
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 829.1 | true | 829 | Passive | Low |
+
+## Links
+
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity)
+- [CWE](https://cwe.mitre.org/data/definitions/829.html)
+- [MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)
diff --git a/doc/user/application_security/dast/browser/checks/829.2.md b/doc/user/application_security/dast/browser/checks/829.2.md
new file mode 100644
index 00000000000..d9d3e5a6341
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/829.2.md
@@ -0,0 +1,47 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Invalid Sub-Resource Integrity values detected
+
+## Description
+
+JavaScript or CSS source files were found to contain invalid
+[Sub-Resource Integrity (SRI)](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)
+`integrity` values or a missing `crossorigin` value. These scripts or links should be investigated to
+ensure they have not been maliciously altered. If in doubt, contact the owner of the scripts or replace
+them with known good versions.
+
+## Remediation
+
+All identified resources should be sourced from the same domain as the target application. If this is not
+possible, it is strongly recommended that all `script` tags that implement `src` values, or `link` tags
+that implement the `href` values include Sub-Resource Integrity. To generate SRI integrity values the
+[SRI hash](https://www.srihash.org/) tool can be used, or by running one of the following commands:
+
+- `cat FILENAME.js | openssl dgst -sha384 -binary | openssl base64 -A`
+- `shasum -b -a 384 FILENAME.js | awk '{ print $1 }' | xxd -r -p | base64`
+
+The output of these tools must be added as additional attributes, in particular: `integrity` and either
+`crossorigin=anonymous` or `crossorigin=use-credentials`.
+An example of a valid SRI protected script tag can be found below:
+
+```html
+
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 829.2 | true | 829 | Passive | Medium |
+
+## Links
+
+- [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Third_Party_Javascript_Management_Cheat_Sheet.html#subresource-integrity)
+- [CWE](https://cwe.mitre.org/data/definitions/829.html)
+- [MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)
diff --git a/doc/user/application_security/dast/browser/checks/89.1.md b/doc/user/application_security/dast/browser/checks/89.1.md
new file mode 100644
index 00000000000..ca7ff5e4593
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/89.1.md
@@ -0,0 +1,37 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# SQL Injection
+
+## Description
+
+It is possible to execute arbitrary SQL commands on the target application server's
+backend database.
+SQL Injection is a critical vulnerability that can lead to a data or system
+compromise.
+
+## Remediation
+
+Always use parameterized queries when issuing requests to backend database systems. In
+situations where dynamic queries must be created, never use direct user input, but
+instead use a map or dictionary of valid values and resolve them using a user-supplied key.
+
+For example, some database drivers do not allow parameterized queries for `>` or `<` comparison
+operators. In these cases, do not use a user supplied `>` or `<` value, but rather have the user
+supply a `gt` or `lt` value. The alphabetical values are then used to look up the `>` and `<`
+values to be used in the construction of the dynamic query. The same goes for other queries where
+column or table names are required but can not be parameterized.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 89.1 | false | 89 | Active | high |
+
+## Links
+
+- [OWASP](https://owasp.org/www-community/attacks/SQL_Injection)
+- [CWE](https://cwe.mitre.org/data/definitions/89.html)
diff --git a/doc/user/application_security/dast/browser/checks/917.1.md b/doc/user/application_security/dast/browser/checks/917.1.md
new file mode 100644
index 00000000000..68b9665e393
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/917.1.md
@@ -0,0 +1,33 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Expression Language Injection
+
+## Description
+
+It is possible to execute arbitrary Expression Language (EL) statements on the target
+application server. EL injection is a critical severity vulnerability that can lead to
+full system compromise. EL injection can occur when attacker-controlled data is used to construct
+EL statements without neutralizing special characters. These special characters could modify the
+intended EL statement prior to it being executed by an interpreter.
+
+## Remediation
+
+User-controlled data should always have special elements neutralized when used as part of
+constructing Expression Language statements. Please consult the documentation for the EL
+interpreter in use on how properly neutralize user controlled data.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 917.1 | false | 917 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/917.html)
+- [OWASP](https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection)
+- [Expression Language Injection [PDF]](https://mindedsecurity.com/wp-content/uploads/2020/10/ExpressionLanguageInjection.pdf)
diff --git a/doc/user/application_security/dast/browser/checks/94.1.md b/doc/user/application_security/dast/browser/checks/94.1.md
new file mode 100644
index 00000000000..ec30b41c5e8
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/94.1.md
@@ -0,0 +1,53 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-side code injection (PHP)
+
+## Description
+
+The target application was found vulnerable to code injection. A malicious actor could inject arbitrary
+PHP code to be executed on the server. This could lead to a full system compromise by accessing
+stored secrets, injecting code to take over accounts, or executing OS commands.
+
+## Remediation
+
+Never pass user input directly into functions which evaluate string data as code, such as `eval`.
+There is almost no benefit of passing string values to `eval`, as such the best recommendation is
+to replace the current logic with more safe implementations of dynamically evaluating logic with
+user input. One alternative is to use an `array()`, storing expected user inputs in an array
+key, and use that key as a look up to execute functions:
+
+```php
+$func_to_run = function()
+{
+ print('hello world');
+};
+
+$function_map = array();
+$function_map["fn"] = $func_to_run; // store additional input to function mappings here
+
+$input = "fn";
+
+// lookup "fn" as the key
+if (array_key_exists($input, $function_map)) {
+ // run the $func_to_run that was stored in the "fn" array hash value.
+ $func = $function_map[$input];
+ $func();
+} else {
+ print('invalid input');
+}
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 94.1 | false | 94 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/94.html)
+- [OWASP](https://owasp.org/www-community/attacks/Code_Injection)
diff --git a/doc/user/application_security/dast/browser/checks/94.2.md b/doc/user/application_security/dast/browser/checks/94.2.md
new file mode 100644
index 00000000000..d6e7c5f482f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/94.2.md
@@ -0,0 +1,51 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-side code injection (Ruby)
+
+## Description
+
+The target application was found vulnerable to code injection. A malicious actor could inject arbitrary
+Ruby code to be executed on the server. This could lead to a full system compromise by accessing
+stored secrets, injecting code to take over accounts, or executing OS commands.
+
+## Remediation
+
+Never pass user input directly into functions which evaluate string data as code, such as `eval`,
+`send`, `public_send`, `instance_eval` or `class_eval`. There is almost no benefit of passing string
+values to these methods, as such the best recommendation is to replace the current logic with more safe
+implementations of dynamically evaluating logic with user input. If using `send` or `public_send` ensure
+the first argument is to a known, hardcoded method/symbol and does not come from user input.
+
+For `eval`, `instance_eval` and `class_eval`, user input should never be sent directly to these methods.
+One alternative is to store functions or methods in a Hash that can be looked up using a key. If the key
+exists, the function can be executed.
+
+```ruby
+def func_to_run
+ puts 'hello world'
+end
+
+input = 'fn'
+
+function_map = { fn: method(:func_to_run) }
+
+if function_map.key?(input.to_sym)
+ function_map[input.to_sym].call
+else
+ puts 'invalid input'
+end
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 94.2 | false | 94 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/94.html)
diff --git a/doc/user/application_security/dast/browser/checks/94.3.md b/doc/user/application_security/dast/browser/checks/94.3.md
new file mode 100644
index 00000000000..772cdb1d3ea
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/94.3.md
@@ -0,0 +1,45 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-side code injection (Python)
+
+## Description
+
+The target application was found vulnerable to code injection. A malicious actor could inject arbitrary
+Python code to be executed on the server. This could lead to a full system compromise by accessing
+stored secrets, injecting code to take over accounts, or executing OS commands.
+
+## Remediation
+
+Never pass user input directly into functions which evaluate string data as code, such as `eval`,
+or `exec`. There is almost no benefit of passing string values to these methods, as such the best
+recommendation is to replace the current logic with more safe implementations of dynamically evaluating
+logic with user input. One alternative is to store functions or methods in a hashmap that can be looked
+up using a key. If the key exists, the function can be executed.
+
+```python
+def func_to_run():
+ print('hello world')
+
+function_map = {'fn': func_to_run}
+
+input = 'fn'
+
+if input in function_map:
+ function_map[input]()
+else:
+ print('invalid input')
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 94.3 | false | 94 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/94.html)
diff --git a/doc/user/application_security/dast/browser/checks/94.4.md b/doc/user/application_security/dast/browser/checks/94.4.md
new file mode 100644
index 00000000000..9dddada84f9
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/94.4.md
@@ -0,0 +1,49 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Server-side code injection (NodeJS)
+
+## Description
+
+The target application was found vulnerable to code injection. A malicious actor could inject arbitrary
+JavaScript code to be executed on the server. This could lead to a full system compromise by accessing
+stored secrets, injecting code to take over accounts, or executing OS commands.
+
+## Remediation
+
+Never pass user input directly into functions which evaluate string data as code, such as `eval`, `setTimeout`
+or `setInterval`. There is almost no benefit of passing string values to these methods, as such the best
+recommendation is to replace the current logic with more safe implementations of dynamically evaluating
+logic with user input. One alternative is to store functions or methods in a Map that can be looked
+up using a key. If the key exists, the function can be executed.
+
+```javascript
+const function_map = new Map();
+
+function_map.set('fn', function() {
+ console.log('hello world');
+})
+
+const input = 'fn2';
+
+const fn = function_map.get(input)
+
+if (fn) {
+ fn();
+} else {
+ console.log('invalid input');
+}
+```
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 94.4 | false | 94 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/94.html)
diff --git a/doc/user/application_security/dast/browser/checks/943.1.md b/doc/user/application_security/dast/browser/checks/943.1.md
new file mode 100644
index 00000000000..debae65669a
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/943.1.md
@@ -0,0 +1,30 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+---
+
+# Improper neutralization of special elements in data query logic
+
+## Description
+
+The application generates a query intended to interact with MongoDB,
+but it does not neutralize or incorrectly neutralizes special elements
+that can modify the intended logic of the query.
+
+## Remediation
+
+Refactor find or search queries to use standard
+filtering operators such as `$gt` or `$in` instead of broad operators such
+as `$where`. If possible, disable the MongoDB JavaScript interface entirely.
+
+## Details
+
+| ID | Aggregated | CWE | Type | Risk |
+|:---|:--------|:--------|:--------|:--------|
+| 943.1 | false | 943 | Active | high |
+
+## Links
+
+- [CWE](https://cwe.mitre.org/data/definitions/943.html)
+- [Disabling MongoDB Server Side JS](https://www.mongodb.com/docs/manual/core/server-side-javascript/#std-label-disable-server-side-js)
diff --git a/doc/user/application_security/dast/browser/checks/index.md b/doc/user/application_security/dast/browser/checks/index.md
new file mode 100644
index 00000000000..9184ce095a3
--- /dev/null
+++ b/doc/user/application_security/dast/browser/checks/index.md
@@ -0,0 +1,183 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +--- + +# DAST browser-based crawler vulnerability checks + +DETAILS: +**Tier:** Ultimate +**Offering:** SaaS, self-managed + +The [DAST browser-based crawler](../index.md) provides a number of vulnerability checks that are used to scan for vulnerabilities in the site under test. + +## Passive Checks + +| ID | Check | Severity | Type | +|:---|:------|:---------|:-----| +| [1004.1](1004.1.md) | Sensitive cookie without HttpOnly attribute | Low | Passive | +| [16.1](16.1.md) | Missing Content-Type header | Low | Passive | +| [16.10](16.10.md) | Content-Security-Policy violations | Info | Passive | +| [16.2](16.2.md) | Server header exposes version information | Low | Passive | +| [16.3](16.3.md) | X-Powered-By header exposes version information | Low | Passive | +| [16.4](16.4.md) | X-Backend-Server header exposes server information | Info | Passive | +| [16.5](16.5.md) | AspNet header exposes version information | Low | Passive | +| [16.6](16.6.md) | AspNetMvc header exposes version information | Low | Passive | +| [16.7](16.7.md) | Strict-Transport-Security header missing or invalid | Low | Passive | +| [16.8](16.8.md) | Content-Security-Policy analysis | Info | Passive | +| [16.9](16.9.md) | Content-Security-Policy-Report-Only analysis | Info | Passive | +| [200.1](200.1.md) | Exposure of sensitive information to an unauthorized actor (private IP address) | Low | Passive | +| [209.1](209.1.md) | Generation of error message containing sensitive information | Low | Passive | +| [209.2](209.2.md) | Generation of database error message containing sensitive information | Low | Passive | +| [287.1](287.1.md) | Insecure authentication over HTTP (Basic Authentication) | Medium | Passive | +| [287.2](287.2.md) | Insecure authentication 
over HTTP (Digest Authentication) | Low | Passive | +| [319.1](319.1.md) | Mixed Content | Info | Passive | +| [352.1](352.1.md) | Absence of anti-CSRF tokens | Medium | Passive | +| [359.1](359.1.md) | Exposure of Private Personal Information (PII) to an unauthorized actor (credit card) | Medium | Passive | +| [359.2](359.2.md) | Exposure of Private Personal Information (PII) to an unauthorized actor (United States social security number) | Medium | Passive | +| [548.1](548.1.md) | Exposure of information through directory listing | Low | Passive | +| [598.1](598.1.md) | Use of GET request method with sensitive query strings (session ID) | Medium | Passive | +| [598.2](598.2.md) | Use of GET request method with sensitive query strings (password) | Medium | Passive | +| [598.3](598.3.md) | Use of GET request method with sensitive query strings (Authorization header details) | Medium | Passive | +| [601.1](601.1.md) | URL redirection to untrusted site ('open redirect') | Low | Passive | +| [614.1](614.1.md) | Sensitive cookie without Secure attribute | Low | Passive | +| [693.1](693.1.md) | Missing X-Content-Type-Options: nosniff | Low | Passive | +| [798.1](798.1.md) | Exposure of confidential secret or token Adafruit API Key | High | Passive | +| [798.2](798.2.md) | Exposure of confidential secret or token Adobe Client ID (OAuth Web) | High | Passive | +| [798.3](798.3.md) | Exposure of confidential secret or token Adobe Client Secret | High | Passive | +| [798.4](798.4.md) | Exposure of confidential secret or token Age secret key | High | Passive | +| [798.5](798.5.md) | Exposure of confidential secret or token Airtable API Key | High | Passive | +| [798.6](798.6.md) | Exposure of confidential secret or token Algolia API Key | High | Passive | +| [798.7](798.7.md) | Exposure of confidential secret or token Alibaba AccessKey ID | High | Passive | +| [798.8](798.8.md) | Exposure of confidential secret or token Alibaba Secret Key | High | Passive | +| 
[798.9](798.9.md) | Exposure of confidential secret or token Asana Client ID | High | Passive | +| [798.10](798.10.md) | Exposure of confidential secret or token Asana Client Secret | High | Passive | +| [798.11](798.11.md) | Exposure of confidential secret or token Atlassian API token | High | Passive | +| [798.12](798.12.md) | Exposure of confidential secret or token AWS | High | Passive | +| [798.13](798.13.md) | Exposure of confidential secret or token Bitbucket Client ID | High | Passive | +| [798.14](798.14.md) | Exposure of confidential secret or token Bitbucket Client Secret | High | Passive | +| [798.15](798.15.md) | Exposure of confidential secret or token Bittrex Access Key | High | Passive | +| [798.16](798.16.md) | Exposure of confidential secret or token Bittrex Secret Key | High | Passive | +| [798.17](798.17.md) | Exposure of confidential secret or token Beamer API token | High | Passive | +| [798.18](798.18.md) | Exposure of confidential secret or token Codecov Access Token | High | Passive | +| [798.19](798.19.md) | Exposure of confidential secret or token Coinbase Access Token | High | Passive | +| [798.20](798.20.md) | Exposure of confidential secret or token Clojars API token | High | Passive | +| [798.21](798.21.md) | Exposure of confidential secret or token Confluent Access Token | High | Passive | +| [798.22](798.22.md) | Exposure of confidential secret or token Confluent Secret Key | High | Passive | +| [798.23](798.23.md) | Exposure of confidential secret or token Contentful delivery API token | High | Passive | +| [798.24](798.24.md) | Exposure of confidential secret or token Databricks API token | High | Passive | +| [798.25](798.25.md) | Exposure of confidential secret or token Datadog Access Token | High | Passive | +| [798.26](798.26.md) | Exposure of confidential secret or token Discord API key | High | Passive | +| [798.27](798.27.md) | Exposure of confidential secret or token Discord client ID | High | Passive | +| 
[798.28](798.28.md) | Exposure of confidential secret or token Discord client secret | High | Passive | +| [798.29](798.29.md) | Exposure of confidential secret or token Doppler API token | High | Passive | +| [798.30](798.30.md) | Exposure of confidential secret or token Dropbox API secret | High | Passive | +| [798.31](798.31.md) | Exposure of confidential secret or token Dropbox long lived API token | High | Passive | +| [798.32](798.32.md) | Exposure of confidential secret or token Dropbox short lived API token | High | Passive | +| [798.33](798.33.md) | Exposure of confidential secret or token Drone CI Access Token | High | Passive | +| [798.34](798.34.md) | Exposure of confidential secret or token Duffel API token | High | Passive | +| [798.35](798.35.md) | Exposure of confidential secret or token Dynatrace API token | High | Passive | +| [798.36](798.36.md) | Exposure of confidential secret or token EasyPost API token | High | Passive | +| [798.37](798.37.md) | Exposure of confidential secret or token EasyPost test API token | High | Passive | +| [798.38](798.38.md) | Exposure of confidential secret or token Etsy Access Token | High | Passive | +| [798.39](798.39.md) | Exposure of confidential secret or token Facebook | High | Passive | +| [798.40](798.40.md) | Exposure of confidential secret or token Fastly API key | High | Passive | +| [798.41](798.41.md) | Exposure of confidential secret or token Finicity Client Secret | High | Passive | +| [798.42](798.42.md) | Exposure of confidential secret or token Finicity API token | High | Passive | +| [798.43](798.43.md) | Exposure of confidential secret or token Flickr Access Token | High | Passive | +| [798.44](798.44.md) | Exposure of confidential secret or token Finnhub Access Token | High | Passive | +| [798.46](798.46.md) | Exposure of confidential secret or token Flutterwave Secret Key | High | Passive | +| [798.47](798.47.md) | Exposure of confidential secret or token Flutterwave Encryption Key | High | 
Passive | +| [798.48](798.48.md) | Exposure of confidential secret or token Frame.io API token | High | Passive | +| [798.49](798.49.md) | Exposure of confidential secret or token FreshBooks Access Token | High | Passive | +| [798.50](798.50.md) | Exposure of confidential secret or token GoCardless API token | High | Passive | +| [798.52](798.52.md) | Exposure of confidential secret or token GitHub Personal Access Token | High | Passive | +| [798.53](798.53.md) | Exposure of confidential secret or token GitHub OAuth Access Token | High | Passive | +| [798.54](798.54.md) | Exposure of confidential secret or token GitHub App Token | High | Passive | +| [798.55](798.55.md) | Exposure of confidential secret or token GitHub Refresh Token | High | Passive | +| [798.56](798.56.md) | Exposure of confidential secret or token GitLab Personal Access Token | High | Passive | +| [798.57](798.57.md) | Exposure of confidential secret or token Gitter Access Token | High | Passive | +| [798.58](798.58.md) | Exposure of confidential secret or token HashiCorp Terraform user/org API token | High | Passive | +| [798.59](798.59.md) | Exposure of confidential secret or token Heroku API Key | High | Passive | +| [798.60](798.60.md) | Exposure of confidential secret or token HubSpot API Token | High | Passive | +| [798.61](798.61.md) | Exposure of confidential secret or token Intercom API Token | High | Passive | +| [798.62](798.62.md) | Exposure of confidential secret or token Kraken Access Token | High | Passive | +| [798.63](798.63.md) | Exposure of confidential secret or token Kucoin Access Token | High | Passive | +| [798.64](798.64.md) | Exposure of confidential secret or token Kucoin Secret Key | High | Passive | +| [798.65](798.65.md) | Exposure of confidential secret or token LaunchDarkly Access Token | High | Passive | +| [798.66](798.66.md) | Exposure of confidential secret or token Linear API Token | High | Passive | +| [798.67](798.67.md) | Exposure of confidential secret or 
token Linear Client Secret | High | Passive | +| [798.68](798.68.md) | Exposure of confidential secret or token LinkedIn Client ID | High | Passive | +| [798.69](798.69.md) | Exposure of confidential secret or token LinkedIn Client secret | High | Passive | +| [798.70](798.70.md) | Exposure of confidential secret or token Lob API Key | High | Passive | +| [798.72](798.72.md) | Exposure of confidential secret or token Mailchimp API key | High | Passive | +| [798.74](798.74.md) | Exposure of confidential secret or token Mailgun private API token | High | Passive | +| [798.75](798.75.md) | Exposure of confidential secret or token Mailgun webhook signing key | High | Passive | +| [798.77](798.77.md) | Exposure of confidential secret or token Mattermost Access Token | High | Passive | +| [798.78](798.78.md) | Exposure of confidential secret or token MessageBird API token | High | Passive | +| [798.80](798.80.md) | Exposure of confidential secret or token Netlify Access Token | High | Passive | +| [798.81](798.81.md) | Exposure of confidential secret or token New Relic user API Key | High | Passive | +| [798.82](798.82.md) | Exposure of confidential secret or token New Relic user API ID | High | Passive | +| [798.83](798.83.md) | Exposure of confidential secret or token New Relic ingest browser API token | High | Passive | +| [798.84](798.84.md) | Exposure of confidential secret or token npm access token | High | Passive | +| [798.86](798.86.md) | Exposure of confidential secret or token Okta Access Token | High | Passive | +| [798.87](798.87.md) | Exposure of confidential secret or token Plaid Client ID | High | Passive | +| [798.88](798.88.md) | Exposure of confidential secret or token Plaid Secret key | High | Passive | +| [798.89](798.89.md) | Exposure of confidential secret or token Plaid API Token | High | Passive | +| [798.90](798.90.md) | Exposure of confidential secret or token PlanetScale password | High | Passive | +| [798.91](798.91.md) | Exposure of 
confidential secret or token PlanetScale API token | High | Passive |
+| [798.92](798.92.md) | Exposure of confidential secret or token PlanetScale OAuth token | High | Passive |
+| [798.93](798.93.md) | Exposure of confidential secret or token Postman API token | High | Passive |
+| [798.94](798.94.md) | Exposure of confidential secret or token Private Key | High | Passive |
+| [798.95](798.95.md) | Exposure of confidential secret or token Pulumi API token | High | Passive |
+| [798.96](798.96.md) | Exposure of confidential secret or token PyPI upload token | High | Passive |
+| [798.97](798.97.md) | Exposure of confidential secret or token RubyGems API token | High | Passive |
+| [798.98](798.98.md) | Exposure of confidential secret or token RapidAPI Access Token | High | Passive |
+| [798.99](798.99.md) | Exposure of confidential secret or token Sendbird Access ID | High | Passive |
+| [798.100](798.100.md) | Exposure of confidential secret or token Sendbird Access Token | High | Passive |
+| [798.101](798.101.md) | Exposure of confidential secret or token SendGrid API token | High | Passive |
+| [798.102](798.102.md) | Exposure of confidential secret or token Sendinblue API token | High | Passive |
+| [798.103](798.103.md) | Exposure of confidential secret or token Sentry Access Token | High | Passive |
+| [798.104](798.104.md) | Exposure of confidential secret or token Shippo API token | High | Passive |
+| [798.105](798.105.md) | Exposure of confidential secret or token Shopify access token | High | Passive |
+| [798.106](798.106.md) | Exposure of confidential secret or token Shopify custom access token | High | Passive |
+| [798.107](798.107.md) | Exposure of confidential secret or token Shopify private app access token | High | Passive |
+| [798.108](798.108.md) | Exposure of confidential secret or token Shopify shared secret | High | Passive |
+| [798.109](798.109.md) | Exposure of confidential secret or token Slack token | High | Passive |
+| 
[798.110](798.110.md) | Exposure of confidential secret or token Slack Webhook | High | Passive |
+| [798.111](798.111.md) | Exposure of confidential secret or token Stripe | High | Passive |
+| [798.112](798.112.md) | Exposure of confidential secret or token Square Access Token | High | Passive |
+| [798.113](798.113.md) | Exposure of confidential secret or token Squarespace Access Token | High | Passive |
+| [798.114](798.114.md) | Exposure of confidential secret or token SumoLogic Access ID | High | Passive |
+| [798.115](798.115.md) | Exposure of confidential secret or token SumoLogic Access Token | High | Passive |
+| [798.116](798.116.md) | Exposure of confidential secret or token Travis CI Access Token | High | Passive |
+| [798.117](798.117.md) | Exposure of confidential secret or token Twilio API Key | High | Passive |
+| [798.118](798.118.md) | Exposure of confidential secret or token Twitch API token | High | Passive |
+| [798.119](798.119.md) | Exposure of confidential secret or token Twitter API Key | High | Passive |
+| [798.120](798.120.md) | Exposure of confidential secret or token Twitter API Secret | High | Passive |
+| [798.121](798.121.md) | Exposure of confidential secret or token Twitter Access Token | High | Passive |
+| [798.122](798.122.md) | Exposure of confidential secret or token Twitter Access Secret | High | Passive |
+| [798.123](798.123.md) | Exposure of confidential secret or token Twitter Bearer Token | High | Passive |
+| [798.124](798.124.md) | Exposure of confidential secret or token Typeform API token | High | Passive |
+| [798.125](798.125.md) | Exposure of confidential secret or token Yandex API Key | High | Passive |
+| [798.126](798.126.md) | Exposure of confidential secret or token Yandex AWS Access Token | High | Passive |
+| [798.127](798.127.md) | Exposure of confidential secret or token Yandex Access Token | High | Passive |
+| [798.128](798.128.md) | Exposure of confidential secret or token Zendesk Secret Key | High | 
Passive |
+| [829.1](829.1.md) | Inclusion of Functionality from Untrusted Control Sphere | Low | Passive |
+| [829.2](829.2.md) | Invalid Sub-Resource Integrity values detected | Medium | Passive |
+
+## Active Checks
+
+| ID | Check | Severity | Type |
+|:---|:------|:---------|:-----|
+| [113.1](113.1.md) | Improper Neutralization of CRLF Sequences in HTTP Headers | High | Active |
+| [22.1](22.1.md) | Improper limitation of a pathname to a restricted directory (Path traversal) | High | Active |
+| [611.1](611.1.md) | External XML Entity Injection (XXE) | High | Active |
+| [89.1](89.1.md) | SQL Injection | High | Active |
+| [917.1](917.1.md) | Expression Language Injection | High | Active |
+| [94.1](94.1.md) | Server-side code injection (PHP) | High | Active |
+| [94.2](94.2.md) | Server-side code injection (Ruby) | High | Active |
+| [94.3](94.3.md) | Server-side code injection (Python) | High | Active |
+| [94.4](94.4.md) | Server-side code injection (NodeJS) | High | Active |
+| [943.1](943.1.md) | Improper neutralization of special elements in data query logic | High | Active |
diff --git a/doc/user/application_security/dast/browser/configuration/authentication.md b/doc/user/application_security/dast/browser/configuration/authentication.md
new file mode 100644
index 00000000000..837aad93b53
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/authentication.md
@@ -0,0 +1,566 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Authentication configuration
+
+WARNING:
+**DO NOT** use credentials that are valid for production systems, production servers, or any that
+contain production data.
+
+WARNING:
+**DO NOT** run an authenticated scan against a production server.
+Authenticated scans may perform **any** function that the authenticated user can,
+including modifying or deleting data, submitting forms, and following links.
+Only run an authenticated scan against non-production systems or servers.
+
+Authentication logs a user in before a DAST scan so that the analyzer can test
+as much of the application as possible when searching for vulnerabilities.
+
+DAST uses a browser to authenticate the user so that the login form has the necessary JavaScript
+and styling required to submit the form. DAST finds the username and password fields and fills them with their respective values.
+The login form is submitted, and when the response returns, a series of checks verify if authentication was successful.
+DAST saves the credentials for reuse when crawling the target application.
+
+If DAST fails to authenticate, the scan halts and the CI job fails.
+
+Authentication supports single-step login forms, multi-step login forms, single sign-on, and authenticating to URLs outside of the configured target URL.
+
+## Getting started
+
+NOTE:
+You should periodically confirming that the analyzer's authentication is still working, as this tends to break over
+time due to changes to the application.
+
+To run a DAST authenticated scan:
+
+- Read the [prerequisite](#prerequisites) conditions for authentication.
+- [Update your target website](#update-the-target-website) to a landing page of an authenticated user. 
+- If your login form has the username, password and submit button on a single page, use the [CI/CD variables](#available-cicd-variables) to configure [single-step](#configuration-for-a-single-step-login-form) login form authentication.
+- If your login form has the username and password fields on different pages, use the [CI/CD variables](#available-cicd-variables) to configure [multi-step](#configuration-for-a-multi-step-login-form) login form authentication.
+- Make sure the user isn't [logged out](#excluding-logout-urls) during the scan.
+
+### Prerequisites
+
+- You have the username and password of the user you would like to authenticate as during the scan.
+- You have checked the [known limitations](#known-limitations) to ensure DAST can authenticate to your application.
+- You have satisfied the prerequisites if you're using [form authentication](#form-authentication).
+- You have thought about how you can [verify](#verifying-authentication-is-successful) whether or not authentication was successful.
+
+#### Form authentication
+
+- You know the URL of the login form of your application. Alternatively, you know how to go to the login form from the authentication URL (see [clicking to go to the login form](#clicking-to-go-to-the-login-form)).
+- You know the [selectors](#finding-an-elements-selector) of the username and password HTML fields that DAST uses to input the respective values.
+- You know the element's [selector](#finding-an-elements-selector) that submits the login form when selected. 
+
+### Available CI/CD variables
+
+| CI/CD variable | Type | Description |
+|:-----------------------------------------------|:------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `DAST_AUTH_COOKIES` | string | Set to a comma-separated list of cookie names to specify which cookies are used for authentication. |
+| `DAST_AUTH_REPORT` | boolean | Set to `true` to generate a report detailing steps taken during the authentication process. You must also define `gl-dast-debug-auth-report.html` as a CI job artifact to be able to access the generated report. The report's content aids when debugging authentication failures. |
+| `DAST_AUTH_TYPE` | string | The authentication type to use. Example: `basic-digest`. |
+| `DAST_AUTH_URL` | URL | The URL of the page containing the login form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Example: `https://login.example.com`. |
+| `DAST_AUTH_VERIFICATION_LOGIN_FORM` | boolean | Verifies successful authentication by checking for the absence of a login form after the login form has been submitted. |
+| `DAST_AUTH_VERIFICATION_SELECTOR` | [selector](#finding-an-elements-selector) | A selector describing an element whose presence is used to determine if authentication has succeeded after the login form is submitted. Example: `css:.user-photo`. |
+| `DAST_AUTH_VERIFICATION_URL` | URL | A URL that is compared to the URL in the browser to determine if authentication has succeeded after the login form is submitted. Example: `"https://example.com/loggedin_page"`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8. 
|
+| `DAST_BROWSER_PATH_TO_LOGIN_FORM` | [selector](#finding-an-elements-selector) | A comma-separated list of selectors representing elements to click on prior to entering the `DAST_USERNAME` and `DAST_PASSWORD` into the login form. Example: `"css:.navigation-menu,css:.login-menu-item"`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326633) in GitLab 14.1. |
+| `DAST_EXCLUDE_URLS` | URLs | The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. |
+| `DAST_FIRST_SUBMIT_FIELD` | [selector](#finding-an-elements-selector) | A selector describing the element that is clicked on to submit the username form of a multi-page login process. For example, `css:button[type='user-submit']`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9894) in GitLab 12.4. |
+| `DAST_PASSWORD` | string | The password to authenticate to in the website. Example: `P@55w0rd!` |
+| `DAST_PASSWORD_FIELD` | [selector](#finding-an-elements-selector) | A selector describing the element used to enter the password on the login form. Example: `id:password` |
+| `DAST_SUBMIT_FIELD` | [selector](#finding-an-elements-selector) | A selector describing the element clicked on to submit the login form for a single-page login form, or the password form for a multi-page login form. For example, `css:button[type='submit']`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9894) in GitLab 12.4. |
+| `DAST_USERNAME` | string | The username to authenticate to in the website. Example: `admin` |
+| `DAST_USERNAME_FIELD` | [selector](#finding-an-elements-selector) | A selector describing the element used to enter the username on the login form. Example: `name:username` |
+| `DAST_AUTH_DISABLE_CLEAR_FIELDS` | boolean | Disables clearing of username and password fields before attempting manual login. Set to `false` by default. 
|
+
+### Update the target website
+
+The target website, defined using the CI/CD variable `DAST_WEBSITE`, is the URL DAST uses to begin crawling your application.
+
+For best crawl results on an authenticated scan, the target website should be a URL accessible only after the user is authenticated.
+Often, this is the URL of the page the user lands on after they're logged in.
+
+For example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com/dashboard/welcome"
+ DAST_AUTH_URL: "https://example.com/login"
+```
+
+### Configuration for HTTP authentication
+
+To use an [HTTP authentication scheme](https://www.chromium.org/developers/design-documents/http-authentication/) such as Basic Authentication you can set the `DAST_AUTH_TYPE` value to `basic-digest`.
+Other schemes such as Negotiate or NTLM may work but aren't officially supported due to current lack of automated test coverage.
+
+Configuration requires the CI/CD variables `DAST_AUTH_TYPE`, `DAST_AUTH_URL`, `DAST_USERNAME`, `DAST_PASSWORD` to be defined for the DAST job. If you don't have a unique login URL, set `DAST_AUTH_URL` to the same URL as `DAST_WEBSITE`.
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_TYPE: "basic-digest"
+ DAST_AUTH_URL: "https://example.com"
+```
+
+Do **not** define `DAST_USERNAME` and `DAST_PASSWORD` in the YAML job definition file as this could present a security risk. Instead, create them as masked CI/CD variables using the GitLab UI.
+See [Custom CI/CD variables](../../../../../ci/variables/index.md#for-a-project) for more information.
+
+### Configuration for a single-step login form
+
+A single-step login form has all login form elements on a single page. 
+Configuration requires the CI/CD variables `DAST_AUTH_URL`, `DAST_USERNAME`, `DAST_USERNAME_FIELD`, `DAST_PASSWORD`, `DAST_PASSWORD_FIELD`, and `DAST_SUBMIT_FIELD` to be defined for the DAST job.
+
+You should set up the URL and selectors of fields in the job definition YAML, for example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_URL: "https://example.com/login"
+ DAST_USERNAME_FIELD: "css:[name=username]"
+ DAST_PASSWORD_FIELD: "css:[name=password]"
+ DAST_SUBMIT_FIELD: "css:button[type=submit]"
+```
+
+Do **not** define `DAST_USERNAME` and `DAST_PASSWORD` in the YAML job definition file as this could present a security risk. Instead, create them as masked CI/CD variables using the GitLab UI.
+See [Custom CI/CD variables](../../../../../ci/variables/index.md#for-a-project) for more information.
+
+### Configuration for a multi-step login form
+
+A multi-step login form has two pages. The first page has a form with the username and a next submit button.
+If the username is valid, a second form on the subsequent page has the password and the form submit button.
+
+Configuration requires the CI/CD variables to be defined for the DAST job:
+
+- `DAST_AUTH_URL`
+- `DAST_USERNAME`
+- `DAST_USERNAME_FIELD`
+- `DAST_FIRST_SUBMIT_FIELD`
+- `DAST_PASSWORD`
+- `DAST_PASSWORD_FIELD`
+- `DAST_SUBMIT_FIELD`.
+
+You should set up the URL and selectors of fields in the job definition YAML, for example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_URL: "https://example.com/login"
+ DAST_USERNAME_FIELD: "css:[name=username]"
+ DAST_FIRST_SUBMIT_FIELD: "css:button[name=next]"
+ DAST_PASSWORD_FIELD: "css:[name=password]"
+ DAST_SUBMIT_FIELD: "css:button[type=submit]"
+```
+
+Do **not** define `DAST_USERNAME` and `DAST_PASSWORD` in the YAML job definition file as this could present a security risk. 
Instead, create them as masked CI/CD variables using the GitLab UI.
+See [Custom CI/CD variables](../../../../../ci/variables/index.md#for-a-project) for more information.
+
+### Configuration for Single Sign-On (SSO)
+
+If a user can log into an application, then in most cases, DAST is also able to log in.
+Even when an application uses Single Sign-on. Applications using SSO solutions should configure DAST
+authentication using the [single-step](#configuration-for-a-single-step-login-form) or [multi-step](#configuration-for-a-multi-step-login-form) login form configuration guides.
+
+DAST supports authentication processes where a user is redirected to an external Identity Provider's site to log in.
+Check the [known limitations](#known-limitations) of DAST authentication to determine if your SSO authentication process is supported.
+
+### Clicking to go to the login form
+
+Define `DAST_BROWSER_PATH_TO_LOGIN_FORM` to provide a path of elements to click on from the `DAST_AUTH_URL` so that DAST can access the
+login form. This method is suitable for applications that show the login form in a pop-up (modal) window or when the login form does not
+have a unique URL.
+
+For example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_URL: "https://example.com/login"
+ DAST_BROWSER_PATH_TO_LOGIN_FORM: "css:.navigation-menu,css:.login-menu-item"
+```
+
+### Excluding logout URLs
+
+If DAST crawls the logout URL while running an authenticated scan, the user is logged out, resulting in the remainder of the scan being unauthenticated.
+It is therefore recommended to exclude logout URLs using the CI/CD variable `DAST_EXCLUDE_URLS`. DAST isn't accessing any excluded URLs, ensuring the user remains logged in.
+
+Provided URLs can be either absolute URLs, or regular expressions of URL paths relative to the base path of the `DAST_WEBSITE`. 
For example: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_WEBSITE: "https://example.com/welcome/home" + DAST_EXCLUDE_URLS: "https://example.com/logout,/user/.*/logout" +``` + +### Finding an element's selector + +Selectors are used by CI/CD variables to specify the location of an element displayed on a page in a browser. +Selectors have the format `type`:`search string`. DAST searches for the selector using the search string based on the type. + +| Selector type | Example | Description | +|---------------|------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `css` | `css:.password-field` | Searches for a HTML element having the supplied CSS selector. Selectors should be as specific as possible for performance reasons. | +| `id` | `id:element` | Searches for an HTML element with the provided element ID. | +| `name` | `name:element` | Searches for an HTML element with the provided element name. | +| `xpath` | `xpath://input[@id="my-button"]/a` | Searches for a HTML element with the provided XPath. XPath searches are expected to be less performant than other searches. | +| None provided | `a.click-me` | Defaults to searching using a CSS selector. **{warning}** **[Deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/383348)** in GitLab 15.8. Replaced by explicitly declaring the selector type. | + +#### Find selectors with Google Chrome + +Chrome DevTools element selector tool is an effective way to find a selector. + +1. Open Chrome and go to the page where you would like to find a selector, for example, the login page for your site. +1. Open the `Elements` tab in Chrome DevTools with the keyboard shortcut `Command + Shift + c` in macOS or `Ctrl + Shift + c` in Windows. +1. Select the `Select an element in the page to select it` tool. 
+ ![search-elements](../img/dast_auth_browser_scan_search_elements.png)
+1. Select the field on your page that you would like to know the selector for.
+1. After the tool is active, highlight a field you wish to view the details of.
+ ![highlight](../img/dast_auth_browser_scan_highlight.png)
+1. Once highlighted, you can see the element's details, including attributes that would make a good candidate for a selector.
+
+In this example, the `id="user_login"` appears to be a good candidate. You can use this as a selector as the DAST username field by setting
+`DAST_USERNAME_FIELD: "id:user_login"`.
+
+#### Choose the right selector
+
+Judicious choice of selector leads to a scan that is resilient to the application changing.
+
+In order of preference, you should choose as selectors:
+
+- `id` fields. These fields generally unique on a page, and rarely change.
+- `name` fields. These fields generally unique on a page, and rarely change.
+- `class` values specific to the field, such as the selector `"css:.username"` for the `username` class on the username field.
+- Presence of field specific data attributes, such as the selector, `"css:[data-username]"` when the `data-username` field has any value on the username field.
+- Multiple `class` hierarchy values, such as the selector `"css:.login-form .username"` when there are multiple elements with class `username` but only one nested inside the element with the class `login-form`.
+
+When using selectors to locate specific fields you should avoid searching on:
+
+- Any `id`, `name`, `attribute`, `class` or `value` that is dynamically generated.
+- Generic class names, such as `column-10` and `dark-grey`.
+- XPath searches as they are less performant than other selector searches.
+- Unscoped searches, such as those beginning with `css:*` and `xpath://*`.
+
+## Verifying authentication is successful
+
+After DAST has submitted the login form, a verification process takes place
+to determine if authentication succeeded. 
The scan halts with an error if authentication is unsuccessful.
+
+Following the submission of the login form, authentication is determined to be unsuccessful when:
+
+- The login submit HTTP response has a `400` or `500` series status code.
+- Any [verification check](#verification-checks) fails.
+- An [authentication token](#authentication-tokens) with a sufficiently random value is not set during the authentication process.
+
+### Verification checks
+
+Verification checks run checks on the state of the browser once authentication is complete
+to determine further if authentication succeeded.
+
+DAST tests for the absence of a login form if no verification checks are configured.
+
+#### Verify based on the URL
+
+Define `DAST_AUTH_VERIFICATION_URL` as the URL displayed in the browser tab after the login form is successfully submitted.
+
+DAST compares the verification URL to the URL in the browser after authentication.
+If they are not the same, authentication is unsuccessful.
+
+For example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_VERIFICATION_URL: "https://example.com/user/welcome"
+```
+
+#### Verify based on presence of an element
+
+Define `DAST_AUTH_VERIFICATION_SELECTOR` as a [selector](#finding-an-elements-selector) that finds one or many elements on the page
+displayed after the login form is successfully submitted. If no element is found, authentication is unsuccessful.
+Searching for the selector on the page displayed when login fails should return no elements. 
+ +For example: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_WEBSITE: "https://example.com" + DAST_AUTH_VERIFICATION_SELECTOR: "css:.welcome-user" +``` + +#### Verify based on absence of a login form + +Define `DAST_AUTH_VERIFICATION_LOGIN_FORM` as `"true"` to indicate that DAST should search for the login form on the +page displayed after the login form is successfully submitted. If a login form is still present after logging in, authentication is unsuccessful. + +For example: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_WEBSITE: "https://example.com" + DAST_AUTH_VERIFICATION_LOGIN_FORM: "true" +``` + +### Authentication tokens + +DAST records authentication tokens set during the authentication process. +Authentication tokens are loaded into new browsers when DAST opens them so the user can remain logged in throughout the scan. + +To record tokens, DAST takes a snapshot of cookies, local storage, and session storage values set by the application before +the authentication process. DAST does the same after authentication and uses the difference to determine which were created +by the authentication process. + +DAST considers cookies, local storage and session storage values set with sufficiently "random" values to be authentication tokens. +For example, `sessionID=HVxzpS8GzMlPAc2e39uyIVzwACIuGe0H` would be viewed as an authentication token, while `ab_testing_group=A1` would not. + +The CI/CD variable `DAST_AUTH_COOKIES` can be used to specify the names of authentication cookies and bypass the randomness check used by DAST. +Not only can this make the authentication process more robust, but it can also increase vulnerability check accuracy for checks that +inspect authentication tokens. 
+
+For example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_COOKIES: "sessionID,refreshToken"
+```
+
+## Known limitations
+
+- DAST cannot bypass a CAPTCHA if the authentication flow includes one. Turn these off in the testing environment for the application being scanned.
+- DAST cannot handle multi-factor authentication like one-time passwords (OTP) by using SMS, biometrics, or authenticator apps. Turn these off in the testing environment for the application being scanned.
+- DAST cannot authenticate to applications that do not set an [authentication token](#authentication-tokens) during login.
+- DAST cannot authenticate to applications that require more than two inputs to be filled out. Two inputs must be supplied, username and password.
+
+## Troubleshooting
+
+The [logs](#read-the-logs) provide insight into what DAST is doing and expecting during the authentication process. For more detailed
+information, configure the [authentication report](#configure-the-authentication-report).
+
+For more information about particular error messages or situations see [known problems](#known-problems).
+
+The browser-based analyzer is used to authenticate the user. For advanced troubleshooting, see [browser-based troubleshooting](../troubleshooting.md).
+
+### Read the logs
+
+The console output of the DAST CI/CD job shows information about the authentication process using the `AUTH` log module.
+For example, the following log shows failed authentication for a multi-step login form.
+Authentication failed because a home page should be displayed after login. Instead, the login form was still present. 
+
+```plaintext
+2022-11-16T13:43:02.000 INF AUTH attempting to authenticate
+2022-11-16T13:43:02.000 INF AUTH loading login page LoginURL=https://example.com/login
+2022-11-16T13:43:10.000 INF AUTH multi-step authentication detected
+2022-11-16T13:43:15.000 INF AUTH verifying if user submit was successful true_when="HTTP status code < 400"
+2022-11-16T13:43:15.000 INF AUTH requirement is satisfied, no login HTTP message detected want="HTTP status code < 400"
+2022-11-16T13:43:20.000 INF AUTH verifying if login attempt was successful true_when="HTTP status code < 400 and has authentication token and no login form found (no element found when searching using selector css:[id=email] or css:[id=password] or css:[id=submit])"
+2022-11-24T14:43:20.000 INF AUTH requirement is satisfied, HTTP login request returned status code 200 url=https://example.com/user/login?error=invalid%20credentials want="HTTP status code < 400"
+2022-11-16T13:43:21.000 INF AUTH requirement is unsatisfied, login form was found want="no login form found (no element found when searching using selector css:[id=email] or css:[id=password] or css:[id=submit])"
+2022-11-16T13:43:21.000 INF AUTH login attempt failed error="authentication failed: failed to authenticate user"
+```
+
+### Configure the authentication report
+
+WARNING:
+The authentication report can contain sensitive information such as the credentials used to perform the login.
+
+An authentication report can be saved as a CI/CD job artifact to assist with understanding the cause of an authentication failure.
+
+The report contains steps performed during the login process, HTTP requests and responses, the Document Object Model (DOM) and screenshots. 
+
+![dast-auth-report](../img/dast_auth_report.jpg)
+
+An example configuration where the authentication debug report is exported may look like the following:
+
+```yaml
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_AUTH_REPORT: "true"
+ artifacts:
+ paths: [gl-dast-debug-auth-report.html]
+ when: always
+```
+
+### Known problems
+
+#### Login form not found
+
+DAST failed to find a login form when loading the login page, often because the authentication URL could not be loaded.
+The log reports a fatal error such as:
+
+```plaintext
+2022-12-07T12:44:02.838 INF AUTH loading login page LoginURL=[authentication URL]
+2022-12-07T12:44:11.119 FTL MAIN authentication failed: login form not found
+```
+
+Suggested actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) to inspect HTTP response.
+- Check the target application authentication is deployed and running.
+- Check the `DAST_AUTH_URL` is correct.
+- Check the GitLab Runner can access the `DAST_AUTH_URL`.
+- Check the `DAST_BROWSER_PATH_TO_LOGIN_FORM` is valid if used.
+
+#### Scan doesn't crawl authenticated pages
+
+If DAST captures the wrong [authentication tokens](#authentication-tokens) during the authentication process then
+the scan can't crawl authenticated pages. Names of cookies and storage authentication tokens are written to the log. For example:
+
+```plaintext
+2022-11-24T14:42:31.492 INF AUTH authentication token cookies names=["sessionID"]
+2022-11-24T14:42:31.492 INF AUTH authentication token storage events keys=["token"]
+```
+
+Suggested actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) and look at the screenshot from the `Login submit` to verify that the login worked as expected.
+- Verify the logged authentication tokens are those used by your application.
+- If using cookies to store authentication tokens, set the names of the authentication token cookies using `DAST_AUTH_COOKIES`. 
+
+#### Unable to find elements with selector
+
+DAST failed to find the username, password, first submit button, or submit button elements. The log reports a fatal error such as:
+
+```plaintext
+2022-12-07T13:14:11.545 FTL MAIN authentication failed: unable to find elements with selector: css:#username
+```
+
+Suggested actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) to use the screenshot from the `Login page` to verify that the page loaded correctly.
+- Load the login page in a browser and verify the [selectors](#finding-an-elements-selector) configured in `DAST_USERNAME_FIELD`, `DAST_PASSWORD_FIELD`, `DAST_FIRST_SUBMIT_FIELD`, and `DAST_SUBMIT_FIELD` are correct.
+
+#### Failed to authenticate user
+
+DAST failed to authenticate due to a failed login verification check. The log reports a fatal error such as:
+
+```plaintext
+2022-12-07T06:39:49.483 INF AUTH verifying if login attempt was successful true_when="HTTP status code < 400 and has authentication token and no login form found (no element found when searching using selector css:[name=username] or css:[name=password] or css:button[type=\"submit\"])"
+2022-12-07T06:39:49.484 INF AUTH requirement is satisfied, HTTP login request returned status code 303 url=http://auth-manual:8090/login want="HTTP status code < 400"
+2022-12-07T06:39:49.513 INF AUTH requirement is unsatisfied, login form was found want="no login form found (no element found when searching using selector css:[name=username] or css:[name=password] or css:button[type=\"submit\"])"
+2022-12-07T06:39:49.589 INF AUTH login attempt failed error="authentication failed: failed to authenticate user"
+2022-12-07T06:39:53.626 FTL MAIN authentication failed: failed to authenticate user
+```
+
+Suggested actions:
+
+- Look in the log for the `requirement is unsatisfied`. Respond to the appropriate error. 
+
+#### Requirement unsatisfied, login form was found
+
+Applications typically display a dashboard when the user logs in and the login form with an error message when the
+username or password is incorrect.
+
+This error occurs when DAST detects the login form on the page displayed after authenticating the user,
+indicating that the login attempt failed.
+
+```plaintext
+2022-12-07T06:39:49.513 INF AUTH requirement is unsatisfied, login form was found want="no login form found (no element found when searching using selector css:[name=username] or css:[name=password] or css:button[type=\"submit\"])"
+```
+
+Suggested actions:
+
+- Verify that the username and password/authentication credentials used are correct.
+- Generate the [authentication report](#configure-the-authentication-report) and verify the `Request` for the `Login submit` is correct.
+- It's possible that the authentication report `Login submit` request and response are empty. This occurs when there is no request that would result
+ in a full page reload, such as a request made when submitting a HTML form. This occurs when using websockets or AJAX to submit the login form.
+- If the page displayed following user authentication genuinely has elements matching the login form selectors, configure `DAST_AUTH_VERIFICATION_URL`
+ or `DAST_AUTH_VERIFICATION_SELECTOR` to use an alternate method of verifying the login attempt.
+
+#### Requirement unsatisfied, selector returned no results
+
+DAST cannot find an element matching the selector provided in `DAST_AUTH_VERIFICATION_SELECTOR` on the page displayed following user login.
+
+```plaintext
+2022-12-07T06:39:33.239 INF AUTH requirement is unsatisfied, searching DOM using selector returned no results want="has element css:[name=welcome]"
+```
+
+Suggested actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) and look at the screenshot from the `Login submit` to verify that the expected page is displayed.
+- Ensure the `DAST_AUTH_VERIFICATION_SELECTOR` [selector](#finding-an-elements-selector) is correct.
+
+#### Requirement unsatisfied, browser not at URL
+
+DAST detected that the page displayed following user login has a URL different to what was expected according to `DAST_AUTH_VERIFICATION_URL`.
+
+```plaintext
+2022-12-07T11:28:00.241 INF AUTH requirement is unsatisfied, browser is not at URL browser_url="https://example.com/home" want="is at url https://example.com/user/dashboard"
+```
+
+Suggested actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) and look at the screenshot from the `Login submit` to verify that the expected page is displayed.
+- Ensure the `DAST_AUTH_VERIFICATION_URL` is correct.
+
+#### Requirement unsatisfied, HTTP login request status code
+
+The HTTP response when loading the login form or submitting the form had a status code of 400 (client error)
+or 500 (server error).
+
+```plaintext
+2022-12-07T06:39:53.626 INF AUTH requirement is unsatisfied, HTTP login request returned status code 502 url="https://example.com/user/login" want="HTTP status code < 400"
+```
+
+- Verify that the username and password/authentication credentials used are correct.
+- Generate the [authentication report](#configure-the-authentication-report) and verify the `Request` for the `Login submit` is correct.
+- Verify the target application works as expected.
+
+#### Requirement unsatisfied, no authentication token
+
+DAST could not detect an [authentication token](#authentication-tokens) created during the authentication process.
+
+```plaintext
+2022-12-07T11:25:29.010 INF AUTH authentication token cookies names=[]
+2022-12-07T11:25:29.010 INF AUTH authentication token storage events keys=[]
+2022-12-07T11:25:29.010 INF AUTH requirement is unsatisfied, no basic authentication, cookie or storage event authentication token detected want="has authentication token"
+```
+
+Suggestion actions:
+
+- Generate the [authentication report](#configure-the-authentication-report) and look at the screenshot from the `Login submit` to verify that the login worked as expected.
+- Using the browser's developer tools, investigate the cookies and local/session storage objects created while logging in. Ensure there is an authentication token created with sufficiently random value.
+- If using cookies to store authentication tokens, set the names of the authentication token cookies using `DAST_AUTH_COOKIES`.
diff --git a/doc/user/application_security/dast/browser/configuration/customize_settings.md b/doc/user/application_security/dast/browser/configuration/customize_settings.md
new file mode 100644
index 00000000000..0b3e49bfe0d
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/customize_settings.md
@@ -0,0 +1,149 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Customize analyzer settings
+
+## Managing scope
+
+Scope controls what URLs DAST follows when crawling the target application. Properly managed scope minimizes scan run time while ensuring only the target application is checked for vulnerabilities.
+
+### Types of scope
+
+There are three types of scope:
+
+- in scope
+- out of scope
+- excluded from scope
+
+#### In scope
+
+DAST follows in-scope URLs and searches the DOM for subsequent actions to perform to continue the crawl.
+Recorded in-scope HTTP messages are passively checked for vulnerabilities and used to build attacks when running a full scan.
+
+#### Out of scope
+
+DAST follows out-of-scope URLs for non-document content types such as image, stylesheet, font, script, or AJAX request.
+[Authentication](#scope-works-differently-during-authentication) aside, DAST does not follow out-of-scope URLs for full page loads, such as when clicking a link to an external website.
+Except for passive checks that search for information leaks, recorded HTTP messages for out-of-scope URLs are not checked for vulnerabilities.
+
+#### Excluded from scope
+
+DAST does not follow excluded-from-scope URLs. Except for passive checks that search for information leaks, recorded HTTP messages for excluded-from-scope URLs are not checked for vulnerabilities.
+
+### Scope works differently during authentication
+
+Many target applications have an authentication process that depends on external websites, such as when using an identity access management provider for single sign on (SSO).
+To ensure that DAST can authenticate with these providers, DAST follows out-of-scope URLs for full page loads during authentication. DAST does not follow excluded-from-scope URLs.
+
+### How DAST blocks HTTP requests
+
+DAST instructs the browser to make the HTTP request as usual when blocking a request due to scope rules. The request is subsequently intercepted and rejected with the reason `BlockedByClient`.
+This approach allows DAST to record the HTTP request while ensuring it never reaches the target server. Passive checks such as [200.1](../checks/200.1.md) use these recorded requests to verify information sent to external hosts.
+
+### How to configure scope
+
+By default, URLs matching the host of the target application are considered in-scope. All other hosts are considered out-of-scope.
+
+Scope is configured using the following variables:
+
+- Use `DAST_BROWSER_ALLOWED_HOSTS` to add in-scope hosts.
+- Use `DAST_BROWSER_IGNORED_HOSTS` to add to out-of-scope hosts.
+- Use `DAST_BROWSER_EXCLUDED_HOSTS` to add to excluded-from-scope hosts.
+- Use `DAST_EXCLUDE_URLS` to set specific URLs to be excluded-from-scope.
+
+Rules:
+
+- Excluding a host is given priority over ignoring a host, which is given priority over allowing a host.
+- Configuring scope for a host does not configure scope for the subdomains of that host.
+- Configuring scope for a host does not configure scope for all ports on that host.
+
+The following could be a typical configuration:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://my.site.com" # my.site.com URLs are considered in-scope by default
+ DAST_BROWSER_ALLOWED_HOSTS: "api.site.com:8443" # include the API as part of the scan
+ DAST_BROWSER_IGNORED_HOSTS: "analytics.site.com" # explicitly disregard analytics from the scan
+ DAST_BROWSER_EXCLUDED_HOSTS: "ads.site.com" # don't visit any URLs on the ads subdomain
+ DAST_EXCLUDE_URLS: "https://my.site.com/user/logout" # don't visit this URL
+```
+
+## Vulnerability detection
+
+Vulnerability detection is gradually being migrated from the default Zed Attack Proxy (ZAP) solution
+to the browser-based analyzer.
For details of the vulnerability detection already migrated, see
+[browser-based vulnerability checks](../checks/index.md).
+
+The crawler runs the target website in a browser with DAST/ZAP configured as the proxy server. This
+ensures that all requests and responses made by the browser are passively scanned by DAST/ZAP. When
+running a full scan, active vulnerability checks executed by DAST/ZAP do not use a browser. This
+difference in how vulnerabilities are checked can cause issues that require certain features of the
+target website to be disabled to ensure the scan works as intended.
+
+For example, for a target website that contains forms with Anti-CSRF tokens, a passive scan works as
+intended because the browser displays pages and forms as if a user is viewing the page. However,
+active vulnerability checks that run in a full scan cannot submit forms containing Anti-CSRF tokens.
+In such cases, we recommend you disable Anti-CSRF tokens when running a full scan.
+
+## Managing scan time
+
+It is expected that running the browser-based crawler results in better coverage for many web applications, when compared to the standard GitLab DAST solution.
+This can come at a cost of increased scan time.
+
+You can manage the trade-off between coverage and scan time with the following measures:
+
+- Vertically scale the runner and use a higher number of browsers with the [variable](variables.md) `DAST_BROWSER_NUMBER_OF_BROWSERS`. The default is `3`.
+- Limit the number of actions executed by the browser with the [variable](variables.md) `DAST_BROWSER_MAX_ACTIONS`. The default is `10,000`.
+- Limit the page depth that the browser-based crawler checks coverage on with the [variable](variables.md) `DAST_BROWSER_MAX_DEPTH`. The crawler uses a breadth-first search strategy, so pages with smaller depth are crawled first. The default is `10`.
+- Limit the time taken to crawl the target application with the [variable](variables.md) `DAST_BROWSER_CRAWL_TIMEOUT`.
The default is `24h`. Scans continue with passive and active checks when the crawler times out.
+- Build the crawl graph with the [variable](variables.md) `DAST_BROWSER_CRAWL_GRAPH` to see what pages are being crawled.
+- Prevent pages from being crawled using the [variable](variables.md) `DAST_EXCLUDE_URLS`.
+- Prevent elements being selected using the [variable](variables.md) `DAST_BROWSER_EXCLUDED_ELEMENTS`. Use with caution, as defining this variable causes an extra lookup for each page crawled.
+- If the target application has minimal or fast rendering, consider reducing the [variable](variables.md) `DAST_BROWSER_DOM_READY_AFTER_TIMEOUT` to a smaller value. The default is `500ms`.
+
+## Timeouts
+
+Due to poor network conditions or heavy application load, the default timeouts may not be applicable to your application.
+
+Browser-based scans offer the ability to adjust various timeouts to ensure it continues smoothly as it transitions from one page to the next. These values are configured using a [Duration string](https://pkg.go.dev/time#ParseDuration), which allow you to configure durations with a prefix: `m` for minutes, `s` for seconds, and `ms` for milliseconds.
+
+Navigations, or the act of loading a new page, usually require the most amount of time because they are
+loading multiple new resources such as JavaScript or CSS files. Depending on the size of these resources, or the speed at which they are returned, the default `DAST_BROWSER_NAVIGATION_TIMEOUT` may not be sufficient.
+
+Stability timeouts, such as those configurable with `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT`, `DAST_BROWSER_STABILITY_TIMEOUT`, and `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` can also be configured. Stability timeouts determine when browser-based scans consider
+a page fully loaded. Browser-based scans consider a page loaded when:
+
+1. The [DOMContentLoaded](https://developer.mozilla.org/en-US/docs/Web/API/Window/DOMContentLoaded_event) event has fired.
+1. 
There are no open or outstanding requests that are deemed important, such as JavaScript and CSS. Media files are usually deemed unimportant.
+1. Depending on whether the browser executed a navigation, was forcibly transitioned, or action:
+
+ - There are no new Document Object Model (DOM) modification events after the `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT`, `DAST_BROWSER_STABILITY_TIMEOUT`, or `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` durations.
+
+After these events have occurred, browser-based scans consider the page loaded and ready, and attempt the next action.
+
+If your application experiences latency or returns many navigation failures, consider adjusting the timeout values such as in this example:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://my.site.com"
+ DAST_BROWSER_NAVIGATION_TIMEOUT: "25s"
+ DAST_BROWSER_ACTION_TIMEOUT: "10s"
+ DAST_BROWSER_STABILITY_TIMEOUT: "15s"
+ DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT: "15s"
+ DAST_BROWSER_ACTION_STABILITY_TIMEOUT: "3s"
+```
+
+NOTE:
+Adjusting these values may impact scan time because they adjust how long each browser waits for various activities to complete.
diff --git a/doc/user/application_security/dast/browser/configuration/enabling_the_analyzer.md b/doc/user/application_security/dast/browser/configuration/enabling_the_analyzer.md
new file mode 100644
index 00000000000..44ceaea5dce
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/enabling_the_analyzer.md
@@ -0,0 +1,76 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Enabling the analyzer
+
+To run a DAST scan:
+
+- Read the [requirements](requirements.md) conditions for running a DAST scan.
+- Create a [DAST job](#create-a-dast-cicd-job) in your CI/CD pipeline.
+- [Authenticate](authentication.md) as a user if your application requires it.
+
+## Create a DAST CI/CD job
+
+> - This template was [updated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/62597) to DAST_VERSION: 2 in
+ GitLab 14.0.
+> - This template was [updated](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/87183) to DAST_VERSION: 3 in
+ GitLab 15.0.
+
+To add DAST scanning to your application, use the DAST job defined
+in the GitLab DAST CI/CD template file. Updates to the template are provided with GitLab
+upgrades, allowing you to benefit from any improvements and additions.
+
+To create the CI/CD job:
+
+1. Include the appropriate CI/CD template:
+
+ - [`DAST.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST.gitlab-ci.yml):
+ Stable version of the DAST CI/CD template.
+ - [`DAST.latest.gitlab-ci.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Security/DAST.latest.gitlab-ci.yml):
+ Latest version of the DAST template. ([Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/254325)
+ in GitLab 13.8).
+
+ WARNING:
+ The latest version of the template may include breaking changes. Use the
+ stable template unless you need a feature provided only in the latest template.
+
+ For more information about template versioning, see the
+ [CI/CD documentation](../../../../../development/cicd/templates.md#latest-version).
+
+1. Add a `dast` stage to your GitLab CI/CD stages configuration.
+
+1. 
Define the URL to be scanned by DAST by using one of these methods:
+
+ - Set the `DAST_WEBSITE` [CI/CD variable](../../../../../ci/yaml/index.md#variables).
+ If set, this value takes precedence.
+
+ - Adding the URL in an `environment_url.txt` file at your project's root is great for testing in
+ dynamic environments. To run DAST against an application dynamically created during a GitLab CI/CD
+ pipeline, write the application URL to an `environment_url.txt` file. DAST automatically reads the
+ URL to find the scan target.
+
+ You can see an [example of this in our Auto DevOps CI YAML](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/ci/templates/Jobs/Deploy.gitlab-ci.yml).
+
+1. Set the `DAST_BROWSER_SCAN` [CI/CD variable](../../../../../ci/yaml/index.md#variables) to `"true"`.
+
+For example:
+
+```yaml
+stages:
+ - build
+ - test
+ - deploy
+ - dast
+
+include:
+ - template: DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_WEBSITE: "https://example.com"
+ DAST_BROWSER_SCAN: "true"
+```
diff --git a/doc/user/application_security/dast/browser/configuration/index.md b/doc/user/application_security/dast/browser/configuration/index.md
new file mode 100644
index 00000000000..4795c072348
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/index.md
@@ -0,0 +1,16 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Configuration
+
+- [Requirements](requirements.md)
+- [Enabling the analyzer](enabling_the_analyzer.md)
+- [Customize analyzer settings](customize_settings.md)
+- [Overriding analyzer jobs](overriding_analyzer_jobs.md)
+- [Available CI/CD variables](variables.md)
+- [Authentication configuration](authentication.md)
+- [Offline configuration](offline_configuration.md)
diff --git a/doc/user/application_security/dast/browser/configuration/offline_configuration.md b/doc/user/application_security/dast/browser/configuration/offline_configuration.md
new file mode 100644
index 00000000000..71e2faf8820
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/offline_configuration.md
@@ -0,0 +1,63 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Offline configuration
+
+For self-managed GitLab instances in an environment with limited, restricted, or intermittent access
+to external resources through the internet, some adjustments are required for the DAST job to
+successfully run. For more information, see [Offline environments](../../../offline_deployments/index.md).
+
+## Requirements for offline DAST support
+
+To use DAST in an offline environment, you need:
+
+- GitLab Runner with the [`docker` or `kubernetes` executor](requirements.md).
+- Docker Container Registry with a locally available copy of the DAST
+ [container image](https://gitlab.com/security-products/dast), found in the
+ [DAST container registry](https://gitlab.com/security-products/dast/container_registry).
+
+GitLab Runner has a [default `pull policy` of `always`](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy),
+meaning the runner tries to pull Docker images from the GitLab container registry even if a local
+copy is available. The GitLab Runner [`pull_policy` can be set to `if-not-present`](https://docs.gitlab.com/runner/executors/docker.html#using-the-if-not-present-pull-policy)
+in an offline environment if you prefer using only locally available Docker images. However, we
+recommend keeping the pull policy setting to `always` if not in an offline environment, as this
+enables the use of updated scanners in your CI/CD pipelines.
+
+## Make GitLab DAST analyzer images available inside your Docker registry
+
+For DAST, import the following default DAST analyzer image from `registry.gitlab.com` to your [local Docker container registry](../../../../packages/container_registry/index.md):
+
+- `registry.gitlab.com/security-products/dast:latest`
+
+The process for importing Docker images into a local offline Docker registry depends on
+**your network security policy**. Consult your IT staff to find an accepted and approved
+process by which external resources can be imported or temporarily accessed.
+These scanners are [periodically updated](../../../index.md#vulnerability-scanner-maintenance)
+with new definitions, and you may be able to make occasional updates on your own.
+
+For details on saving and transporting Docker images as a file, see the Docker documentation on
+[`docker save`](https://docs.docker.com/engine/reference/commandline/save/),
+[`docker load`](https://docs.docker.com/engine/reference/commandline/load/),
+[`docker export`](https://docs.docker.com/engine/reference/commandline/export/), and
+[`docker import`](https://docs.docker.com/engine/reference/commandline/import/).
+
+## Set DAST CI/CD job variables to use local DAST analyzers
+
+Add the following configuration to your `.gitlab-ci.yml` file. You must replace `image` to refer to
+the DAST Docker image hosted on your local Docker container registry:
+
+```yaml
+include:
+ - template: DAST.gitlab-ci.yml
+dast:
+ image: registry.example.com/namespace/dast:latest
+```
+
+The DAST job should now use local copies of the DAST analyzers to scan your code and generate
+security reports without requiring internet access.
+
+Alternatively, you can use the CI/CD variable `SECURE_ANALYZERS_PREFIX` to override the base registry address of the `dast` image.
diff --git a/doc/user/application_security/dast/browser/configuration/overriding_analyzer_jobs.md b/doc/user/application_security/dast/browser/configuration/overriding_analyzer_jobs.md
new file mode 100644
index 00000000000..1e5a57cee17
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/overriding_analyzer_jobs.md
@@ -0,0 +1,21 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Overriding DAST jobs
+
+To override a job definition, (for example, change properties like `variables`, `dependencies`, or [`rules`](../../../../../ci/yaml/index.md#rules)),
+declare a job with the same name as the DAST job to override. Place this new job after the template
+inclusion and specify any additional keys under it. For example, this enables authentication debug logging for the analyzer:
+
+```yaml
+include:
+ - template: Security/DAST.gitlab-ci.yml
+
+dast:
+ variables:
+ DAST_BROWSER_LOG: auth:debug
+```
diff --git a/doc/user/application_security/dast/browser/configuration/requirements.md b/doc/user/application_security/dast/browser/configuration/requirements.md
new file mode 100644
index 00000000000..252506f3a0f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/requirements.md
@@ -0,0 +1,108 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Requirements
+
+- [GitLab Runner](../../../../../ci/runners/index.md) available, with the
+ [`docker` executor](https://docs.gitlab.com/runner/executors/docker.html) on Linux/amd64.
+- Target application deployed. For more details, read [Deployment options](#application-deployment-options).
+- `dast` stage added to the CI/CD pipeline definition. This should be added after the deploy step, for example:
+
+ ```yaml
+ stages:
+ - build
+ - test
+ - deploy
+ - dast
+ ```
+
+## Recommendations
+
+- Take care if your pipeline is configured to deploy to the same web server in each run. Running a DAST scan while a server is being updated leads to inaccurate and non-deterministic results.
+- Configure runners to use the [always pull policy](https://docs.gitlab.com/runner/executors/docker.html#using-the-always-pull-policy) to run the latest versions of the analyzers.
+- By default, DAST downloads all artifacts defined by previous jobs in the pipeline. If
+ your DAST job does not rely on `environment_url.txt` to define the URL under test or any other files created
+ in previous jobs, we recommend you don't download artifacts. To avoid downloading
+ artifacts, extend the analyzer CI/CD job to specify no dependencies. For example, for the DAST proxy-based analyzer add the following to your `.gitlab-ci.yml` file:
+
+ ```yaml
+ dast:
+ dependencies: []
+ ```
+
+## Application deployment options
+
+DAST requires a deployed application to be available to scan.
+
+Depending on the complexity of the target application, there are a few options as to how to deploy and configure
+the DAST template.
A set of example applications have been provided with their configurations in the
+[DAST demonstrations](https://gitlab.com/gitlab-org/security-products/demos/dast/) project.
+
+### Review Apps
+
+Review Apps are the most involved method of deploying your DAST target application. To assist in the process,
+we created a Review App deployment using Google Kubernetes Engine (GKE). This example can be found in our
+[Review Apps - GKE](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke) project, along with detailed
+instructions in the [README.md](https://gitlab.com/gitlab-org/security-products/demos/dast/review-app-gke/-/blob/master/README.md)
+on how to configure Review Apps for DAST.
+
+### Docker Services
+
+If your application uses Docker containers you have another option for deploying and scanning with DAST.
+After your Docker build job completes and your image is added to your container registry, you can use the image as a
+[service](../../../../../ci/services/index.md).
+
+By using service definitions in your `.gitlab-ci.yml`, you can scan services with the DAST analyzer.
+
+When adding a `services` section to the job, the `alias` is used to define the hostname that can be used to access the service. In the following example, the `alias: yourapp` portion of the `dast` job definition means that the URL to the deployed application uses `yourapp` as the hostname (`https://yourapp/`).
+
+```yaml
+stages:
+ - build
+ - dast
+
+include:
+ - template: DAST.gitlab-ci.yml
+
+# Deploys the container to the GitLab container registry
+deploy:
+ services:
+ - name: docker:dind
+ alias: dind
+ image: docker:20.10.16
+ stage: build
+ script:
+ - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - docker pull $CI_REGISTRY_IMAGE:latest || true
+ - docker build --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
+ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ - docker push $CI_REGISTRY_IMAGE:latest
+
+dast:
+ services: # use services to link your app container to the dast job
+ - name: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ alias: yourapp
+
+variables:
+ DAST_WEBSITE: https://yourapp
+ DAST_FULL_SCAN_ENABLED: "true" # do a full scan
+ DAST_BROWSER_SCAN: "true" # use the browser-based GitLab DAST crawler
+```
+
+Most applications depend on multiple services such as databases or caching services. By default, services defined in the services fields cannot communicate
+with each another. To allow communication between services, enable the `FF_NETWORK_PER_BUILD` [feature flag](https://docs.gitlab.com/runner/configuration/feature-flags.html#available-feature-flags).
+
+```yaml
+variables:
+ FF_NETWORK_PER_BUILD: "true" # enable network per build so all services can communicate on the same network
+
+services: # use services to link the container to the dast job
+ - name: mongo:latest
+ alias: mongo
+ - name: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
+ alias: yourapp
+```
diff --git a/doc/user/application_security/dast/browser/configuration/variables.md b/doc/user/application_security/dast/browser/configuration/variables.md
new file mode 100644
index 00000000000..f116095c9f1
--- /dev/null
+++ b/doc/user/application_security/dast/browser/configuration/variables.md
@@ -0,0 +1,75 @@ +--- +stage: Secure +group: Dynamic Analysis +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments +type: reference, howto +--- + +# Available CI/CD variables + +These CI/CD variables are specific to the browser-based DAST analyzer. They can be used to customize the behavior of +DAST to your requirements. +For authentication CI/CD variables, see [Authentication](authentication.md). + +| CI/CD variable | Type | Example | Description | +|:--------------------------------------------|:---------------------------------------------------------|----------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `DAST_ADVERTISE_SCAN` | boolean | `true` | Set to `true` to add a `Via` header to every request sent, advertising that the request was sent as part of a GitLab DAST scan. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/334947) in GitLab 14.1. | +| `DAST_AUTH_COOKIES` | string | | Set to a comma-separated list of cookie names to specify which cookies are used for authentication. | +| `DAST_AUTH_DISABLE_CLEAR_FIELDS` | boolean | | Disables clearing of username and password fields before attempting manual login. Set to `false` by default. +| `DAST_AUTH_REPORT` | boolean | | Set to `true` to generate a report detailing steps taken during the authentication process. You must also define `gl-dast-debug-auth-report.html` as a CI job artifact to be able to access the generated report. The report's content aids when debugging authentication failures. | +| `DAST_AUTH_TYPE` | string | | The authentication type to use. Example: `basic-digest`. 
| +| `DAST_AUTH_URL` | URL | | The URL of the page containing the login form on the target website. `DAST_USERNAME` and `DAST_PASSWORD` are submitted with the login form to create an authenticated scan. Example: `https://login.example.com`. | +| `DAST_AUTH_VERIFICATION_LOGIN_FORM` | boolean | | Verifies successful authentication by checking for the absence of a login form after the login form has been submitted. | +| `DAST_AUTH_VERIFICATION_SELECTOR` | [selector](authentication.md#finding-an-elements-selector) | | A selector describing an element whose presence is used to determine if authentication has succeeded after the login form is submitted. Example: `css:.user-photo`. | +| `DAST_AUTH_VERIFICATION_URL` | URL | | A URL that is compared to the URL in the browser to determine if authentication has succeeded after the login form is submitted. Example: `"https://example.com/loggedin_page"`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/207335) in GitLab 13.8. | +| `DAST_BROWSER_PATH_TO_LOGIN_FORM` | [selector](authentication.md#finding-an-elements-selector) | | A comma-separated list of selectors representing elements to click on prior to entering the `DAST_USERNAME` and `DAST_PASSWORD` into the login form. Example: `"css:.navigation-menu,css:.login-menu-item"`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/326633) in GitLab 14.1. | +| `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `800ms` | The maximum amount of time to wait for a browser to consider a page loaded and ready for analysis after completing an action. | +| `DAST_BROWSER_ACTION_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `7s` | The maximum amount of time to wait for a browser to complete an action. | +| `DAST_BROWSER_ALLOWED_HOSTS` | List of strings | `site.com,another.com` | Hostnames included in this variable are considered in scope when crawled. 
By default the `DAST_WEBSITE` hostname is included in the allowed hosts list. Headers set using `DAST_REQUEST_HEADERS` are added to every request made to these hostnames. | +| `DAST_BROWSER_COOKIES` | dictionary | `abtesting_group:3,region:locked` | A cookie name and value to be added to every request. | +| `DAST_BROWSER_CRAWL_GRAPH` | boolean | `true` | Set to `true` to generate an SVG graph of navigation paths visited during crawl phase of the scan. You must also define `gl-dast-crawl-graph.svg` as a CI job artifact to be able to access the generated graph. | +| `DAST_BROWSER_CRAWL_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `5m` | The maximum amount of time to wait for the crawl phase of the scan to complete. Defaults to `24h`. | +| `DAST_BROWSER_DEVTOOLS_LOG` | string | `Default:messageAndBody,truncate:2000` | Set to log protocol messages between DAST and the Chromium browser. | +| `DAST_BROWSER_DOM_READY_AFTER_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `200ms` | Define how long to wait for updates to the DOM before checking a page is stable. Defaults to `500ms`. | +| `DAST_BROWSER_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `600ms` | The maximum amount of time to wait for an element before determining it is ready for analysis. | +| `DAST_BROWSER_EXCLUDED_ELEMENTS` | selector | `a[href='2.html'],css:.no-follow` | Comma-separated list of selectors that are ignored when scanning. | +| `DAST_BROWSER_EXCLUDED_HOSTS` | List of strings | `site.com,another.com` | Hostnames included in this variable are considered excluded and connections are forcibly dropped. | +| `DAST_BROWSER_EXTRACT_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `5s` | The maximum amount of time to allow the browser to extract newly found elements or navigations. 
| +| `DAST_BROWSER_FILE_LOG` | List of strings | `brows:debug,auth:debug` | A list of modules and their intended logging level for use in the file log. | +| `DAST_BROWSER_FILE_LOG_PATH` | string | `/output/browserker.log` | Set to the path of the file log. | +| `DAST_BROWSER_IGNORED_HOSTS` | List of strings | `site.com,another.com` | Hostnames included in this variable are accessed, not attacked, and not reported against. | +| `DAST_BROWSER_INCLUDE_ONLY_RULES` | List of strings | `16.1,16.2,16.3` | Comma-separated list of check identifiers to use for the scan. | +| `DAST_BROWSER_LOG` | List of strings | `brows:debug,auth:debug` | A list of modules and their intended logging level for use in the console log. | +| `DAST_BROWSER_LOG_CHROMIUM_OUTPUT` | boolean | `true` | Set to `true` to log Chromium `STDOUT` and `STDERR`. | +| `DAST_BROWSER_MAX_ACTIONS` | number | `10000` | The maximum number of actions that the crawler performs. For example, selecting a link, or filling a form. | +| `DAST_BROWSER_MAX_DEPTH` | number | `10` | The maximum number of chained actions that the crawler takes. For example, `Click -> Form Fill -> Click` is a depth of three. | +| `DAST_BROWSER_MAX_RESPONSE_SIZE_MB` | number | `15` | The maximum size of a HTTP response body. Responses with bodies larger than this are blocked by the browser. Defaults to 10 MB. | +| `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `7s` | The maximum amount of time to wait for a browser to consider a page loaded and ready for analysis after a navigation completes. Defaults to `800ms`.| +| `DAST_BROWSER_NAVIGATION_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `15s` | The maximum amount of time to wait for a browser to navigate from one page to another. | +| `DAST_BROWSER_NUMBER_OF_BROWSERS` | number | `3` | The maximum number of concurrent browser instances to use. For shared runners on GitLab.com, we recommended a maximum of three. 
Private runners with more resources may benefit from a higher number, but are likely to produce little benefit after five to seven instances. | +| `DAST_BROWSER_PAGE_LOADING_SELECTOR` | selector | `css:#page-is-loading` | Selector that when is no longer visible on the page, indicates to the analyzer that the page has finished loading and the scan can continue. Cannot be used with `DAST_BROWSER_PAGE_READY_SELECTOR`. | +| `DAST_BROWSER_PAGE_READY_SELECTOR` | selector | `css:#page-is-ready` | Selector that when detected as visible on the page, indicates to the analyzer that the page has finished loading and the scan can continue. Cannot be used with `DAST_BROWSER_PAGE_LOADING_SELECTOR`. | +| `DAST_BROWSER_PASSIVE_CHECK_WORKERS` | int | `5` | Number of workers that passive scan in parallel. Recommend setting to the number of available CPUs. | +| `DAST_BROWSER_SCAN` | boolean | `true` | Required to be `true` to run a browser-based scan. | +| `DAST_BROWSER_SEARCH_ELEMENT_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `3s` | The maximum amount of time to allow the browser to search for new elements or user actions. | +| `DAST_BROWSER_STABILITY_TIMEOUT` | [Duration string](https://pkg.go.dev/time#ParseDuration) | `7s` | The maximum amount of time to wait for a browser to consider a page loaded and ready for analysis. | +| `DAST_EXCLUDE_RULES` | string | `10020,10026` | Set to a comma-separated list of ZAP Vulnerability Rule IDs to exclude them from running during the scan. Rule IDs are numbers and can be found from the DAST log or on the [ZAP project](https://www.zaproxy.org/docs/alerts/). | +| `DAST_EXCLUDE_URLS` | URLs | `https://example.com/.*/sign-out` | The URLs to skip during the authenticated scan; comma-separated. Regular expression syntax can be used to match multiple URLs. For example, `.*` matches an arbitrary character sequence. 
| +| `DAST_FF_ENABLE_BAS` | boolean | `true` | Set to `true` to [enable Breach and Attack Simulation](../../../breach_and_attack_simulation/index.md#extend-dynamic-application-security-testing-dast) during this DAST scan. | +| `DAST_FIRST_SUBMIT_FIELD` | [selector](authentication.md#finding-an-elements-selector) | | A selector describing the element that is clicked on to submit the username form of a multi-page login process. For example, `css:button[type='user-submit']`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9894) in GitLab 12.4. | +| `DAST_FULL_SCAN_ENABLED` | boolean | `true` | Set to `true` to run both passive and active checks. Default: `false` | +| `DAST_PASSWORD` | string | | The password to authenticate to in the website. Example: `P@55w0rd!` | +| `DAST_PASSWORD_FIELD` | [selector](authentication.md#finding-an-elements-selector) | | A selector describing the element used to enter the password on the login form. Example: `id:password` | +| `DAST_PATHS` | string | `/page1.html,/category1/page3.html` | Set to a comma-separated list of URL paths relative to `DAST_WEBSITE` for DAST to scan. | +| `DAST_PATHS_FILE` | string | `/builds/project/urls.txt` | Set to a file path containing a list of URL paths relative to `DAST_WEBSITE` for DAST to scan. The file must be plain text with one path per line. | +| `DAST_PKCS12_CERTIFICATE_BASE64` | string | `ZGZkZ2p5NGd...` | The PKCS12 certificate used for sites that require Mutual TLS. Must be encoded as base64 text. | +| `DAST_PKCS12_PASSWORD` | string | `password` | The password of the certificate used in `DAST_PKCS12_CERTIFICATE_BASE64`. Create sensitive [custom CI/CI variables](../../../../../ci/variables/index.md#define-a-cicd-variable-in-the-ui) using the GitLab UI. | +| `DAST_REQUEST_HEADERS` | string | `Cache-control:no-cache` | Set to a comma-separated list of request header names and values. 
| +| `DAST_SKIP_TARGET_CHECK` | boolean | `true` | Set to `true` to prevent DAST from checking that the target is available before scanning. Default: `false`. | +| `DAST_SUBMIT_FIELD` | [selector](authentication.md#finding-an-elements-selector) | | A selector describing the element clicked on to submit the login form for a single-page login form, or the password form for a multi-page login form. For example, `css:button[type='submit']`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/9894) in GitLab 12.4. | +| `DAST_TARGET_AVAILABILITY_TIMEOUT` | number | `60` | Time limit in seconds to wait for target availability. | +| `DAST_USERNAME` | string | | The username to authenticate to in the website. Example: `admin` | +| `DAST_USERNAME_FIELD` | [selector](authentication.md#finding-an-elements-selector) | | A selector describing the element used to enter the username on the login form. Example: `name:username` | + | +| `DAST_WEBSITE` | URL | `https://example.com` | The URL of the website to scan. | +| `SECURE_ANALYZERS_PREFIX` | URL | `registry.organization.com` | Set the Docker registry base address from which to download the analyzer. | diff --git a/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_highlight.png b/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_highlight.png new file mode 100644 index 00000000000..3369956a5ed Binary files /dev/null and b/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_highlight.png differ diff --git a/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_search_elements.png b/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_search_elements.png new file mode 100644 index 00000000000..34e7a2e4ab4 Binary files /dev/null and b/doc/user/application_security/dast/browser/img/dast_auth_browser_scan_search_elements.png differ 
diff --git a/doc/user/application_security/dast/browser/img/dast_auth_report.jpg b/doc/user/application_security/dast/browser/img/dast_auth_report.jpg
new file mode 100644
index 00000000000..5d9d98045ef
Binary files /dev/null and b/doc/user/application_security/dast/browser/img/dast_auth_report.jpg differ
diff --git a/doc/user/application_security/dast/browser/img/dast_urls_scanned_v12_10.png b/doc/user/application_security/dast/browser/img/dast_urls_scanned_v12_10.png
new file mode 100644
index 00000000000..9f277dcb578
Binary files /dev/null and b/doc/user/application_security/dast/browser/img/dast_urls_scanned_v12_10.png differ
diff --git a/doc/user/application_security/dast/browser/index.md b/doc/user/application_security/dast/browser/index.md
new file mode 100644
index 00000000000..88ffb6d061f
--- /dev/null
+++ b/doc/user/application_security/dast/browser/index.md
@@ -0,0 +1,106 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# DAST browser-based analyzer
+
+DETAILS:
+**Tier:** Ultimate
+**Offering:** SaaS, self-managed
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/323423) in GitLab 13.12 as a Beta feature.
+> - [Generally available](https://gitlab.com/groups/gitlab-org/-/epics/9023) in GitLab 15.7 (GitLab DAST v3.0.50).
+
+If you deploy your web application into a new environment, your application may
+become exposed to new types of attacks. For example, misconfigurations of your
+application server or incorrect assumptions about security controls may not be
+visible from the source code.
+
+Dynamic Application Security Testing (DAST) examines applications for
+vulnerabilities like these in deployed environments.
+
+
+For an overview, see [Dynamic Application Security Testing (DAST)](https://www.youtube.com/watch?v=nbeDUoLZJTo).
+
+NOTE:
+To learn how four of the top six attacks were application-based and how
+to protect your organization, download our
+["A Seismic Shift in Application Security"](https://about.gitlab.com/resources/whitepaper-seismic-shift-application-security/)
+whitepaper.
+
+WARNING:
+Do not run DAST scans against a production server. Not only can it perform *any* function that
+a user can, such as clicking buttons or submitting forms, but it may also trigger bugs, leading to modification or loss of production data. Only run DAST scans against a test server.
+
+The DAST browser-based analyzer was built by GitLab to scan modern-day web applications for vulnerabilities.
+Scans run in a browser to optimize testing applications heavily dependent on JavaScript, such as single-page applications.
+See [how DAST scans an application](#how-dast-scans-an-application) for more information.
+ +To add the analyzer to your CI/CD pipeline, see [enabling the analyzer](configuration/enabling_the_analyzer.md). + +## How DAST scans an application + +A scan performs the following steps: + +1. [Authenticate](configuration/authentication.md), if configured. +1. [Crawl](#crawling-an-application) the target application to discover the surface area of the application by performing user actions such as following links, clicking buttons, and filling out forms. +1. [Passive scan](#passive-scans) to search for vulnerabilities in HTTP messages and pages discovered while crawling. +1. [Active scan](#active-scans) to search for vulnerabilities by injecting payloads into HTTP requests recorded during the crawl phase. + +### Crawling an application + +A "navigation" is an action a user might take on a page, such as clicking buttons, clicking anchor links, opening menu items, or filling out forms. +A "navigation path" is a sequence of navigation actions representing how a user might traverse an application. +DAST discovers the surface area of an application by crawling pages and content and identifying navigation paths. + +Crawling is initialized with a navigation path containing one navigation that loads the target application URL in a specially-instrumented Chromium browser. +DAST then crawls navigation paths until all have been crawled. + +To crawl a navigation path, DAST opens a browser window and instructs it to perform all the navigation actions in the navigation path. +When the browser has finished loading the result of the final action, DAST inspects the page for actions a user might take, +creates a new navigation for each found, and adds them to the navigation path to form new navigation paths. For example: + +1. DAST processes navigation path `LoadURL[https://example.com]`. +1. DAST finds two user actions, `LeftClick[class=menu]` and `LeftClick[id=users]`. +1. 
DAST creates two new navigation paths, `LoadURL[https://example.com] -> LeftClick[class=menu]` and `LoadURL[https://example.com] -> LeftClick[id=users]`. +1. Crawling begins on the two new navigation paths. + +It's common for an HTML element to exist in multiple places in an application, such as a menu visible on every page. +Duplicate elements can cause crawlers to crawl the same pages again or become stuck in a loop. +DAST uses an element uniqueness calculation based on HTML attributes to discard new navigation actions it has previously crawled. + +### Passive scans + +Passive scans check for vulnerabilities in the pages discovered during the crawl phase of the scan. +Passive scans are enabled by default. + +The checks search HTTP messages, cookies, storage events, console events, and DOM for vulnerabilities. +Examples of passive checks include searching for exposed credit cards, exposed secret tokens, missing content security policies, and redirection to untrusted locations. + +See [checks](checks/index.md) for more information about individual checks. + +### Active scans + +Active scans check for vulnerabilities by injecting attack payloads into HTTP requests recorded during the crawl phase of the scan. +Active scans are disabled by default due to the nature of their probing attacks. + +DAST analyzes each recorded HTTP request for injection locations, such as query values, header values, cookie values, form posts, and JSON string values. +Attack payloads are injected into the injection location, forming a new request. +DAST sends the request to the target application and uses the HTTP response to determine attack success. + +Active scans run two types of active check: + +- A match response attack analyzes the response content to determine attack success. For example, if an attack attempts to read the system password file, a finding is created when the response body contains evidence of the password file. 
+- A timing attack uses the response time to determine attack success. For example, if an attack attempts to force the target application to sleep, a finding is created when the application takes longer to respond than the sleep time. Timing attacks are repeated multiple times with different attack payloads to minimize false positives.
+
+A simplified timing attack works as follows:
+
+1. The crawl phase records the HTTP request `https://example.com?search=people`.
+1. DAST analyzes the URL and finds a URL parameter injection location `https://example.com?search=[INJECT]`.
+1. The active check defines a payload, `sleep 10`, that attempts to get a Linux host to sleep.
+1. DAST send a new HTTP request to the target application with the injected payload `https://example.com?search=sleep%2010`.
+1. The target application is vulnerable if it executes the query parameter value as a system command without validation, for example, `system(params[:search])`
+1. DAST creates a finding if the response time takes longer than 10 seconds.
diff --git a/doc/user/application_security/dast/browser/troubleshooting.md b/doc/user/application_security/dast/browser/troubleshooting.md
new file mode 100644
index 00000000000..9c5f3c6bbc0
--- /dev/null
+++ b/doc/user/application_security/dast/browser/troubleshooting.md
@@ -0,0 +1,301 @@
+---
+stage: Secure
+group: Dynamic Analysis
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
+type: reference, howto
+---
+
+# Troubleshooting
+
+The following troubleshooting scenarios have been collected from customer support cases. If you
+experience a problem not addressed here, or the information here does not fix your problem, create a
+support ticket. For more details, see the [GitLab Support](https://about.gitlab.com/support/) page.
+
+## When something goes wrong
+
+When something goes wrong with a DAST scan, if you have a particular error message then check [known problems](#known-problems).
+
+Otherwise, try to discover the problem by answering the following questions:
+
+- [What is the expected outcome?](#what-is-the-expected-outcome)
+- [Is the outcome achievable by a human?](#is-the-outcome-achievable-by-a-human)
+- [Any reason why DAST would not work?](#any-reason-why-dast-would-not-work)
+- [How does your application work?](#how-does-your-application-work)
+- [What is DAST doing?](#what-is-dast-doing)
+
+### What is the expected outcome?
+
+Many users who encounter issues with a DAST scan have a good high-level idea of what they think the scanner should be doing. For example,
+it's not scanning particular pages, or it's not selecting a button on the page.
+
+As much as possible, try to isolate the problem to help narrow the search for a solution. For example, take the situation where DAST isn't scanning a particular page.
+From where should DAST have found the page? What path did it take to navigate there? Were there elements on the referring page that DAST should have selected, but did not?
+
+### Is the outcome achievable by a human?
+
+DAST cannot scan an application if a human cannot manually traverse the application.
+ +Knowing the outcome you expect, try to replicate it manually using a browser on your machine. For example: + +- Open a new incognito/private browser window. +- Open Developer Tools. Keep an eye on the console for error messages. + - In Chrome: `View -> Developer -> Developer Tools`. + - In Firefox: `Tools -> Browser Tools -> Web Developer Tools`. +- If authenticating: + - Navigate to the `DAST_AUTH_URL`. + - Type in the `DAST_USERNAME` in the `DAST_USERNAME_FIELD`. + - Type in the `DAST_PASSWORD` in the `DAST_PASSWORD_FIELD`. + - Select the `DAST_SUBMIT_FIELD`. +- Select links and fill in forms. Navigate to the pages that aren't scanning correctly. +- Observe how your application behaves. Notice if there is anything that might cause problems for an automated scanner. + +### Any reason why DAST would not work? + +DAST cannot scan correctly when: + +- There is a CAPTCHA. Turn these off in the testing environment for the application being scanned. +- It does not have access to the target application. Ensure the GitLab Runner can access the application using the URLs used in the DAST configuration. + +### How does your application work? + +Understanding how your application works is vital to figuring out why a DAST scan isn't working. For example, the following situations +may require additional configuration settings. + +- Is there a popup modal that hides elements? +- Does a loaded page change dramatically after a certain period of time? +- Is the application especially slow or fast to load? +- Is the target application jerky while loading? +- Does the application work differently based on the client's location? +- Is the application a single-page application? +- Does the application submit HTML forms, or does it use JavaScript and AJAX? +- Does the application use websockets? +- Does the application use a specific web framework? +- Does selecting buttons run JavaScript before continuing the form submit? Is it fast, slow? 
+- Is it possible DAST could be selecting or searching for elements before either the element or page is ready? + +### What is DAST doing? + +Logging remains the best way to understand what DAST is doing: + +- [Browser-based analyzer logging](#browser-based-analyzer-logging), useful for understanding what the analyzer is doing. +- [Chromium DevTools logging](#chromium-devtools-logging), useful to inspect the communication between DAST and Chromium. +- [Chromium Logs](#chromium-logs), useful for logging errors when Chromium crashes unexpectedly. + +## Browser-based analyzer logging + +The analyzer log is one of the most useful tools to help diagnose problems with a scan. Different parts of the analyzer can be logged at different levels. + +### Log message format + +Log messages have the format `[time] [log level] [log module] [message] [additional properties]`. + +For example, the following log entry has level `INFO`, is part of the `CRAWL` log module, has the message `Crawled path` and the additional properties `nav_id` and `path`. + +```txt +2021-04-21T00:34:04.000 INF CRAWL Crawled path nav_id=0cc7fd path="LoadURL [https://my.site.com:8090]" +``` + +### Log destination + +Logs are sent either to file or to console (the CI/CD job log). You can configure each destination to accept different logs using +the environment variables `DAST_BROWSER_LOG` for console logs and `DAST_BROWSER_FILE_LOG` for file logs. 
+ +For example: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_BROWSER_SCAN: "true" + DAST_BROWSER_LOG: "auth:debug" # console log defaults to INFO level, logs AUTH module at DEBUG + DAST_BROWSER_FILE_LOG: "loglevel:debug,cache:warn" # file log defaults to DEBUG level, logs CACHE module at WARN + DAST_BROWSER_FILE_LOG_PATH: "$CI_PROJECT_DIR/dast-scan.log" # Save the file log in the project directory so it can be recognized as an artifact + artifacts: + paths: + - dast-scan.log + when: always +``` + +### Log levels + +The log levels that can be configured are as follows: + +| Log module | Component overview | More | +|-------------------------|--------------------------------------------------------------------------|----------------------------------| +| `TRACE` | Used for specific, often noisy inner workings of a feature. | | +| `DEBUG` | Describes the inner-workings of a feature. Used for diagnostic purposes. | | +| `INFO` | Describes the high level flow of the scan and the results. | Default level if none specified. | +| `WARN` | Describes an error situation where DAST recovers and continues the scan. | | +| `FATAL`/`ERROR`/`PANIC` | Describes unrecoverable errors prior to exit. | | + +### Log modules + +`LOGLEVEL` configures the default log level for the log destination. If any of the following modules are configured, +DAST uses the log level for that module in preference to the default log level. + +The modules that can be configured for logging are as follows: + +| Log module | Component overview | +|------------|---------------------------------------------------------------------------------------------------| +| `ACTIV` | Used for active attacks. | +| `AUTH` | Used for creating an authenticated scan. | +| `BPOOL` | The set of browsers that are leased out for crawling. | +| `BROWS` | Used for querying the state or page of the browser. | +| `CACHE` | Used for reporting on cache hit and miss for cached HTTP resources. 
| +| `CHROM` | Used to log Chrome DevTools messages. | +| `CONTA` | Used for the container that collects parts of HTTP requests and responses from DevTools messages. | +| `CRAWL` | Used for the core crawler algorithm. | +| `DATAB` | Used for persisting data to the internal database. | +| `LEASE` | Used to create browsers to add them to the browser pool. | +| `MAIN` | Used for the flow of the main event loop of the crawler. | +| `NAVDB` | Used for persistence mechanisms to store navigation entries. | +| `REGEX` | Used for recording performance statistics when running regular expressions. | +| `REPT` | Used for generating reports. | +| `STAT` | Used for general statistics while running the scan. | +| `VLDFN` | Used for loading and parsing vulnerability definitions. | +| `WEBGW` | Used to log messages sent to the target application when running active checks. | + +### Example - log crawled paths + +Set the log module `CRAWL` to `DEBUG` to log navigation paths found during the crawl phase of the scan. This is useful for understanding +if DAST is crawling your target application correctly. + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_BROWSER_LOG: "crawl:debug" +``` + +For example, the following output shows that four anchor links we discovered during the crawl of the page at `https://example.com`. + +```plaintext +2022-11-17T11:18:05.578 DBG CRAWL executing step nav_id=6ec647d8255c729160dd31cb124e6f89 path="LoadURL [https://example.com]" step=1 +... 
+2022-11-17T11:18:11.900 DBG CRAWL found new navigations browser_id=2243909820020928961 nav_count=4 nav_id=6ec647d8255c729160dd31cb124e6f89 of=1 step=1 +2022-11-17T11:18:11.901 DBG CRAWL adding navigation action="LeftClick [a href=/page1.html]" nav=bd458cc1fc2d7c6fb984464b6d968866 parent_nav=6ec647d8255c729160dd31cb124e6f89 +2022-11-17T11:18:11.901 DBG CRAWL adding navigation action="LeftClick [a href=/page2.html]" nav=6dcb25f9f9ece3ee0071ac2e3166d8e6 parent_nav=6ec647d8255c729160dd31cb124e6f89 +2022-11-17T11:18:11.901 DBG CRAWL adding navigation action="LeftClick [a href=/page3.html]" nav=89efbb0c6154d6c6d85a63b61a7cdc6f parent_nav=6ec647d8255c729160dd31cb124e6f89 +2022-11-17T11:18:11.901 DBG CRAWL adding navigation action="LeftClick [a href=/page4.html]" nav=f29b4f4e0bdee70f5255de7fc080f04d parent_nav=6ec647d8255c729160dd31cb124e6f89 +``` + +## Chromium DevTools logging + +WARNING: +Logging DevTools messages is a security risk. The output contains secrets such as usernames, passwords and authentication tokens. +The output is uploaded to the GitLab server and may be visible in job logs. + +The DAST Browser-based scanner orchestrates a Chromium browser using the [Chrome DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/). +Logging DevTools messages helps provide transparency into what the browser is doing. For example, if selecting a button does not work, a DevTools message might show that the cause is a CORS error in a browser console log. +Logs that contain DevTools messages can be very large in size. For this reason, it should only be enabled on jobs with a short duration. + +To log all DevTools messages, turn the `CHROM` log module to `trace` and configure logging levels. 
The following are examples of DevTools logs: + +```plaintext +2022-12-05T06:27:24.280 TRC CHROM event received {"method":"Fetch.requestPaused","params":{"requestId":"interception-job-3.0","request":{"url":"http://auth-auto:8090/font-awesome.min.css","method":"GET","headers":{"Accept":"text/css,*/*;q=0.1","Referer":"http://auth-auto:8090/login.html","User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/105.0.5195.102 Safari/537.36"},"initialPriority":"VeryHigh","referrerPolicy":"strict-origin-when-cross-origin"},"frameId":"A706468B01C2FFAA2EB6ED365FF95889","resourceType":"Stylesheet","networkId":"39.3"}} method=Fetch.requestPaused +2022-12-05T06:27:24.280 TRC CHROM request sent {"id":47,"method":"Fetch.continueRequest","params":{"requestId":"interception-job-3.0","headers":[{"name":"Accept","value":"text/css,*/*;q=0.1"},{"name":"Referer","value":"http://auth-auto:8090/login.html"},{"name":"User-Agent","value":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/105.0.5195.102 Safari/537.36"}]}} id=47 method=Fetch.continueRequest +2022-12-05T06:27:24.281 TRC CHROM response received {"id":47,"result":{}} id=47 method=Fetch.continueRequest +``` + +### Customizing DevTools log levels + +Chrome DevTools requests, responses and events are namespaced by domain. DAST allows each domain and each domain with message to have different logging configuration. +The environment variable `DAST_BROWSER_DEVTOOLS_LOG` accepts a semi-colon separated list of logging configurations. +Logging configurations are declared using the structure `[domain/message]:[what-to-log][,truncate:[max-message-size]]`. + +- `domain/message` references what is being logged. + - `Default` can be used as a value to represent all domains and messages. + - Can be a domain, for example, `Browser`, `CSS`, `Page`, `Network`. + - Can be a domain with a message, for example, `Network.responseReceived`. 
+ - If multiple configurations apply, the most specific configuration is used. +- `what-to-log` references whether and what to log. + - `message` logs that a message was received and does not log the message content. + - `messageAndBody` logs the message with the message content. Recommended to be used with `truncate`. + - `suppress` does not log the message. Used to silence noisy domains and messages. +- `truncate` is an optional configuration to limit the size of the message printed. + +### Example - log all DevTools messages + +Used to log everything when you're not sure where to start. + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_BROWSER_FILE_LOG: "chrom:trace" + DAST_BROWSER_FILE_LOG_PATH: "/zap/wrk/dast-scan.log" + DAST_BROWSER_DEVTOOLS_LOG: "Default:messageAndBody,truncate:2000" + artifacts: + paths: + - dast-scan.log + when: always +``` + +### Example - log HTTP messages + +Useful for when a resource isn't loading correctly. HTTP message events are logged, as is the decision to continue or +fail the request. Any errors in the browser console are also logged. + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_BROWSER_FILE_LOG: "chrom:trace" + DAST_BROWSER_FILE_LOG_PATH: "/zap/wrk/dast-scan.log" + DAST_BROWSER_DEVTOOLS_LOG: "Default:suppress;Fetch:messageAndBody,truncate:2000;Network:messageAndBody,truncate:2000;Log:messageAndBody,truncate:2000;Console:messageAndBody,truncate:2000" + artifacts: + paths: + - dast-scan.log + when: always +``` + +## Chromium logs + +In the rare event that Chromium crashes, it can be helpful to write the Chromium process `STDOUT` and `STDERR` to log. +Setting the environment variable `DAST_BROWSER_LOG_CHROMIUM_OUTPUT` to `true` achieves this purpose. + +DAST starts and stops many Chromium processes. DAST sends each process output to all log destinations with the log module `LEASE` and log level `INFO`. 
+ +For example: + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_BROWSER_LOG_CHROMIUM_OUTPUT: "true" +``` + +## Known problems + +### Logs contain `response body exceeds allowed size` + +By default DAST processes HTTP requests where the HTTP response body is 10 MB or less. Otherwise, DAST blocks the response +which can cause scans to fail. This constraint is intended to reduce memory consumption during a scan. + +An example log is as follows, where DAST blocked the JavaScript file found at `https://example.com/large.js` as it's size is greater than the limit: + +```plaintext +2022-12-05T06:28:43.093 WRN BROWS response body exceeds allowed size allowed_size_bytes=1000000 browser_id=752944257619431212 nav_id=ae23afe2acbce2c537657a9112926f1a of=1 request_id=interception-job-2.0 response_size_bytes=9333408 step=1 url=https://example.com/large.js +2022-12-05T06:28:58.104 WRN CONTA request failed, attempting to continue scan error=net::ERR_BLOCKED_BY_RESPONSE index=0 requestID=38.2 url=https://example.com/large.js +``` + +This can be changed using the configuration `DAST_MAX_RESPONSE_SIZE_MB`. For example, + +```yaml +include: + - template: DAST.gitlab-ci.yml + +dast: + variables: + DAST_MAX_RESPONSE_SIZE_MB: "25" +``` diff --git a/doc/user/application_security/dast/proxy-based.md b/doc/user/application_security/dast/proxy-based.md index 21c6f0579cb..94cf7f0cf78 100644 --- a/doc/user/application_security/dast/proxy-based.md +++ b/doc/user/application_security/dast/proxy-based.md 
@@ -15,6 +15,11 @@ Proxy-based DAST is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/4 We plan to [remove support for Proxy-based DAST](../../../update/deprecations.md#proxy-based-dast-deprecated). Migrate to [Browser-based DAST](browser_based.md) to continue analyzing your projects for security findings via dynamic analysis. +WARNING: +Proxy-based DAST is [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/430966). +We plan to [remove support for Proxy-based DAST](../../../update/deprecations.md#proxy-based-dast-deprecated). Migrate to [Browser-based DAST](browser_based.md) +to continue analyzing your projects for security findings via dynamic analysis. + The DAST proxy-based analyzer can be added to your [GitLab CI/CD](../../../ci/index.md) pipeline. This helps you discover vulnerabilities in web applications that do not use JavaScript heavily. For applications that do, see the [DAST browser-based analyzer](browser_based.md). diff --git a/doc/user/application_security/vulnerability_report/index.md b/doc/user/application_security/vulnerability_report/index.md index 8e4f8ae7fe5..889d4cd0dc3 100644 --- a/doc/user/application_security/vulnerability_report/index.md +++ b/doc/user/application_security/vulnerability_report/index.md 
@@ -138,9 +138,8 @@ The content of the Project filter depends on the current level:
### Activity filter
> - Introduced in GitLab 16.7 [with a flag](../../../administration/feature_flags.md) named `activity_filter_has_remediations`. Disabled by default.
+> - [Generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/429262) in GitLab 16.9. Feature flag `activity_filter_has_remediations` removed.
-FLAG:
-On self-managed GitLab, by default the Solution Available filter is not available. To make it available, an administrator can [enable the feature flag](../../../administration/feature_flags.md) named `activity_filter_has_remediations`. On GitLab.com, this feature is not available. This feature is not ready for production use.
The activity filter behaves differently from the other filters. You can select only one value in each category. To remove a filter, from the activity filter dropdown list select the filter you want to remove.
diff --git a/lib/gitlab/application_rate_limiter.rb b/lib/gitlab/application_rate_limiter.rb
index 5a2881e6c96..2e992e38a44 100644
--- a/lib/gitlab/application_rate_limiter.rb
+++ b/lib/gitlab/application_rate_limiter.rb
@@ -65,6 +65,9 @@ module Gitlab
bulk_import: { threshold: 6, interval: 1.minute },
projects_api_rate_limit_unauthenticated: {
threshold: -> { application_settings.projects_api_rate_limit_unauthenticated }, interval: 10.minutes
+ },
+ downstream_pipeline_trigger: {
+ threshold: -> { ::Ci::TriggerDownstreamPipelineService::DOWNSTREAM_PIPELINE_TRIGGER_LIMIT_PER_PROJECT_USER_SHA }, interval: 1.minute
}
}.freeze
end
diff --git a/lib/gitlab/ci/status/build/failed.rb b/lib/gitlab/ci/status/build/failed.rb
index a136044c124..caaa4139f38 100644
--- a/lib/gitlab/ci/status/build/failed.rb
+++ b/lib/gitlab/ci/status/build/failed.rb
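Review bot: The new `downstream_pipeline_trigger` entry borrows the lambda form of `projects_api_rate_limit_unauthenticated`, but where that lambda reads an application setting this one only dereferences a constant, so the indirection buys nothing except late binding; the only visible consumer of that late binding is the new service spec, which stubs the constant. The constant name suggests the counter is keyed per project, user and SHA, yet the key is chosen by the caller and nothing here records it. I would add above the entry: `# Scoped per project/user/SHA by Ci::TriggerDownstreamPipelineService; the lambda lets specs stub the constant`. The enclosing hash definition starts outside the hunk.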
@@ -5,6 +5,7 @@ module Gitlab
module Status
module Build
class Failed < Status::Extended
+ # rubocop: disable Layout/LineLength -- Long error messages
REASONS = {
unknown_failure: 'unknown failure',
script_failure: 'script failure',
@@ -41,8 +42,10 @@ module Gitlab
environment_creation_failure: 'environment creation failure',
deployment_rejected: 'deployment rejected',
ip_restriction_failure: 'IP address restriction failure',
- failed_outdated_deployment_job: 'failed outdated deployment job'
+ failed_outdated_deployment_job: 'failed outdated deployment job',
+ reached_downstream_pipeline_trigger_rate_limit: 'Too many downstream pipelines triggered in the last minute. Try again later.'
}.freeze
+ # rubocop: enable Layout/LineLength
private_constant :REASONS
diff --git a/package.json b/package.json
index 9186a27a0e3..db0f7c7f7b9 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
"@gitlab/cluster-client": "^2.1.0",
"@gitlab/favicon-overlay": "2.0.0",
"@gitlab/fonts": "^1.3.0",
- "@gitlab/svgs": "3.78.0",
+ "@gitlab/svgs": "3.79.0",
"@gitlab/ui": "^72.10.0",
"@gitlab/visual-review-tools": "1.7.3",
"@gitlab/web-ide": "^0.0.1-dev-20240125064919",
diff --git a/qa/qa/specs/features/browser_ui/4_verify/ci_job_artifacts/expose_job_artifacts_in_mr_spec.rb b/qa/qa/specs/features/browser_ui/4_verify/ci_job_artifacts/expose_job_artifacts_in_mr_spec.rb
index 5786b15508a..8e2ab12c5d9 100644
--- a/qa/qa/specs/features/browser_ui/4_verify/ci_job_artifacts/expose_job_artifacts_in_mr_spec.rb
+++ b/qa/qa/specs/features/browser_ui/4_verify/ci_job_artifacts/expose_job_artifacts_in_mr_spec.rb
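Review bot: The new REASONS value is a full user-facing sentence ('Too many downstream pipelines triggered in the last minute. Try again later.'), while every other entry visible in this hash is a short lowercase phrase such as 'IP address restriction failure' or 'failed outdated deployment job', which reads as a list of terse status labels rather than explanations. A matching phrase, `reached_downstream_pipeline_trigger_rate_limit: 'downstream pipeline trigger rate limit reached'`, keeps the list consistent and also removes the need for the `rubocop: disable/enable Layout/LineLength` pair added in the first hunk and here. The REASONS hash spans both hunks and its middle is outside them.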
@@ -16,13 +16,12 @@ module QA
end
let(:merge_request) do
- Resource::MergeRequest.fabricate_via_api! do |merge_request|
- merge_request.project = project
- merge_request.description = 'Simple MR for a simple test'
- merge_request.target_new_branch = false
- merge_request.file_name = 'new_file.txt'
- merge_request.file_content = 'Simple file for a simple MR'
- end
+ create(:merge_request,
+ project: project,
+ description: 'Simple MR for a simple test',
+ target_new_branch: false,
+ file_name: 'new_file.txt',
+ file_content: 'Simple file for a simple MR')
end
before do
diff --git a/qa/qa/specs/features/browser_ui/5_package/container_registry/self_managed/container_registry_spec.rb b/qa/qa/specs/features/browser_ui/5_package/container_registry/self_managed/container_registry_spec.rb
index 065f86452bb..476bdcf6868 100644
--- a/qa/qa/specs/features/browser_ui/5_package/container_registry/self_managed/container_registry_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/container_registry/self_managed/container_registry_spec.rb
@@ -7,17 +7,16 @@ module QA
let(:project) { create(:project, :private, name: 'project-with-registry', template_name: 'express') }
let(:project_deploy_token) do
- Resource::ProjectDeployToken.fabricate_via_api! do |deploy_token|
- deploy_token.name = 'registry-deploy-token'
- deploy_token.project = project
- deploy_token.scopes = %w[
+ create(:project_deploy_token,
+ name: 'registry-deploy-token',
+ project: project,
+ scopes: %w[
read_repository
read_package_registry
write_package_registry
read_registry
write_registry
- ]
- end
+ ])
end
let!(:runner) do
diff --git a/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb b/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb
index b37d06e2223..1276a2019d5 100644
--- a/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/dependency_proxy/dependency_proxy_spec.rb
@@ -17,14 +17,10 @@ module QA
end
let(:group_deploy_token) do
- Resource::GroupDeployToken.fabricate_via_api! do |deploy_token|
- deploy_token.name = 'dp-group-deploy-token'
- deploy_token.group = project.group
- deploy_token.scopes = %w[
- read_registry
- write_registry
- ]
- end
+ create(:group_deploy_token,
+ name: 'dp-group-deploy-token',
+ group: project.group,
+ scopes: %w[read_registry write_registry])
end
let(:personal_access_token) { Runtime::Env.personal_access_token }
diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb
index f781ad0df2f..26dfdae0538 100644
--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven/maven_group_level_spec.rb
@@ -14,15 +14,14 @@ module QA
let(:package_type) { 'maven' }
let(:group_deploy_token) do
- Resource::GroupDeployToken.fabricate_via_api! do |deploy_token|
- deploy_token.name = 'maven-group-deploy-token'
- deploy_token.group = package_project.group
- deploy_token.scopes = %w[
+ create(:group_deploy_token,
+ name: 'maven-group-deploy-token',
+ group: package_project.group,
+ scopes: %w[
read_repository
read_package_registry
write_package_registry
- ]
- end
+ ])
end
context 'via maven' do
diff --git a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven_gradle_repository_spec.rb b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven_gradle_repository_spec.rb
index c7ba83677c7..51279bb32dc 100644
--- a/qa/qa/specs/features/browser_ui/5_package/package_registry/maven_gradle_repository_spec.rb
+++ b/qa/qa/specs/features/browser_ui/5_package/package_registry/maven_gradle_repository_spec.rb
@@ -32,15 +32,14 @@ module QA
end
let(:project_deploy_token) do
- Resource::ProjectDeployToken.fabricate_via_api! do |deploy_token|
- deploy_token.name = 'package-deploy-token'
- deploy_token.project = project
- deploy_token.scopes = %w[
+ create(:project_deploy_token,
+ name: 'package-deploy-token',
+ project: project,
+ scopes: %w[
read_repository
read_package_registry
write_package_registry
- ]
- end
+ ])
end
let(:project_inbound_job_token_disabled) do
diff --git a/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb b/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
index 426f32fe4dc..5d33ee5cd9a 100644
--- a/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
+++ b/qa/qa/specs/features/browser_ui/6_release/deploy_token/add_deploy_token_spec.rb
@@ -10,11 +10,10 @@ module QA
deploy_token_name = 'deploy token name'
one_week_from_now = Date.today + 7
- deploy_token = Resource::ProjectDeployToken.fabricate_via_api! do |resource|
- resource.name = deploy_token_name
- resource.expires_at = one_week_from_now
- resource.scopes = %w[read_repository]
- end
+ deploy_token = create(:project_deploy_token,
+ name: deploy_token_name,
+ expires_at: one_week_from_now,
+ scopes: %w[read_repository])
expect(deploy_token.username.length).to be > 0
expect(deploy_token.token.length).to be > 0
diff --git a/rubocop/cop/qa/fabricate_usage.rb b/rubocop/cop/qa/fabricate_usage.rb
index 1787df0e7df..b03646d8a9b 100644
--- a/rubocop/cop/qa/fabricate_usage.rb
+++ b/rubocop/cop/qa/fabricate_usage.rb
@@ -28,23 +28,35 @@ module RuboCop
class FabricateUsage < RuboCop::Cop::Base
MESSAGE = "Prefer create(:%{factory}[, ...]) here."
RESOURCES_TO_CHECK = {
- 'Resource::Project' => :project,
- 'Resource::Group' => :group,
- 'Resource::Issue' => :issue,
- 'Resource::User' => :user,
- 'Resource::Pipeline' => :pipeline,
- 'Resource::Job' => :job,
+ 'Resource::CiVariable' => :ci_variable,
+ 'Resource::Commit' => :commit,
+ 'Resource::Design' => :design,
'Resource::File' => :file,
+ 'Resource::Group' => :group,
'Resource::GroupAccessToken' => :group_access_token,
- 'Resource::ProjectAccessToken' => :project_access_token,
+ 'Resource::GroupDeployToken' => :group_deploy_token,
'Resource::GroupLabel' => :group_label,
- 'Resource::ProjectLabel' => :project_label,
- 'Resource::GroupRunner' => :group_runner,
- 'Resource::ProjectRunner' => :project_runner,
'Resource::GroupMilestone' => :group_milestone,
+ 'Resource::GroupRunner' => :group_runner,
+ 'Resource::GroupWikiPage' => :group_wiki_page,
+ 'Resource::Issue' => :issue,
+ 'Resource::Job' => :job,
+ 'Resource::MergeRequest' => :merge_request,
+ 'Resource::Package' => :package,
+ 'Resource::Pipeline' => :pipeline,
+ 'Resource::PipelineSchedule' => :pipeline_schedule,
+ 'Resource::Project' => :project,
+ 'Resource::ProjectAccessToken' => :project_access_token,
+ 'Resource::ProjectDeployToken' => :project_deploy_token,
+ 'Resource::ProjectLabel' => :project_label,
'Resource::ProjectMilestone' => :project_milestone,
+ 'Resource::ProjectRunner' => :project_runner,
+ 'Resource::ProjectSnippet' => :project_snippet,
+ 'Resource::ProjectWikiPage' => :project_wiki_page,
+ 'Resource::Sandbox' => :sandbox,
'Resource::Snippet' => :snippet,
- 'Resource::ProjectSnippet' => :project_snippet
+ 'Resource::Tag' => :tag,
+ 'Resource::User' => :user
}.freeze
RESTRICT_ON_SEND = %i[fabricate_via_api!].freeze
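Review bot: RESOURCES_TO_CHECK is now alphabetically sorted and more than doubled in size, but nothing records that ordering or that each symbol must name an existing QA factory, so the next addition will likely land out of order or point at a factory that does not exist and the cop's autocorrect hint will be wrong. A comment above the hash, `# Keep sorted by resource class name; each value must be a registered QA factory`, makes the convention explicit. The class continues outside the hunk.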
diff --git a/spec/controllers/projects/tree_controller_spec.rb b/spec/controllers/projects/tree_controller_spec.rb
index 4e00d58bf17..1244668c659 100644
--- a/spec/controllers/projects/tree_controller_spec.rb
+++ b/spec/controllers/projects/tree_controller_spec.rb
@@ -294,6 +294,8 @@ RSpec.describe Projects::TreeController, feature_category: :source_code_manageme
end
describe '#create_dir' do
+ let(:create_merge_request) { nil }
+
render_views
before do
@@ -303,18 +305,57 @@ RSpec.describe Projects::TreeController, feature_category: :source_code_manageme
id: 'master',
dir_name: path,
branch_name: branch_name,
- commit_message: 'Test commit message'
+ commit_message: 'Test commit message',
+ create_merge_request: create_merge_request
}
end
context 'successful creation' do
let(:path) { 'files/new_dir' }
- let(:branch_name) { 'master-test' }
+ let(:branch_name) { "main-test-#{SecureRandom.hex}" }
- it 'redirects to the new directory' do
- expect(subject)
- .to redirect_to("/#{project.full_path}/-/tree/#{branch_name}/#{path}")
- expect(flash[:notice]).to eq('The directory has been successfully created.')
+ context 'when not creating a new MR' do
+ let(:create_merge_request) { 'false' }
+
+ it 'redirects to the new directory' do
+ expect(subject)
+ .to redirect_to("/#{project.full_path}/-/tree/#{branch_name}/#{path}")
+ expect(flash[:notice]).to eq('The directory has been successfully created.')
+ end
+ end
+
+ context 'when creating a new MR' do
+ shared_examples 'a new MR from branch redirection' do
+ it 'redirects to the new MR page' do
+ expect(subject)
+ .to redirect_to("/#{project.full_path}/-/merge_requests/new?merge_request%5Bsource_branch%5D=#{branch_name}&merge_request%5Btarget_branch%5D=master&merge_request%5Btarget_project_id%5D=#{project.id}")
+ expect(flash[:notice]).to eq('The directory has been successfully created. You can now submit a merge request to get this change into the original branch.')
+ end
+ end
+
+ context "and the passed create_merge_request value is true" do
+ it_behaves_like 'a new MR from branch redirection' do
+ let(:create_merge_request) { true }
+ end
+ end
+
+ context "and the passed create_merge_request value is 'true'" do
+ it_behaves_like 'a new MR from branch redirection' do
+ let(:create_merge_request) { 'true' }
+ end
+ end
+
+ context "and the passed create_merge_request value is '1'" do
+ it_behaves_like 'a new MR from branch redirection' do
+ let(:create_merge_request) { '1' }
+ end
+ end
+
+ context "and the passed create_merge_request value is 1" do
+ it_behaves_like 'a new MR from branch redirection' do
+ let(:create_merge_request) { 1 }
+ end
+ end
end
end
diff --git a/spec/features/projects/files/user_creates_files_spec.rb b/spec/features/projects/files/user_creates_files_spec.rb
index edc504240a7..c104f43c4af 100644
--- a/spec/features/projects/files/user_creates_files_spec.rb
+++ b/spec/features/projects/files/user_creates_files_spec.rb
@@ -56,7 +56,13 @@ RSpec.describe 'Projects > Files > User creates files', :js, feature_category: :
end
context 'with committing a new file' do
+ let(:file_name) { 'a_file.md' }
+ let(:file_content) { 'some file content' }
+ let(:can_submit_mr_content) { 'You can now submit a merge request to get this change into the original branch.' }
+
context 'when an user has write access' do
+ let(:branch_name) { 'new_branch_name' }
+
before do
visit(project_tree_path_root_ref)
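Review bot: The non-MR path is exercised only with `'false'`, whereas the MR path checks four spellings (`true`, `'true'`, `'1'`, `1`); because the param is now interpreted as a boolean rather than by presence, the falsy spellings the controller must keep accepting — `false`, `'0'`, `0`, and the `nil` default declared at the top of this describe — are exactly the ones most likely to regress, and none of them has an example. Mirroring the shared-example pattern already used for the truthy values keeps the negative cases compact (sketch below). The `describe '#create_dir'` block and its `params` let start outside this hunk.
```ruby
context 'when not creating a new MR' do
  shared_examples 'a new directory redirection' do
    it 'redirects to the new directory' do
      expect(subject)
        .to redirect_to("/#{project.full_path}/-/tree/#{branch_name}/#{path}")
      expect(flash[:notice]).to eq('The directory has been successfully created.')
    end
  end

  [nil, false, 'false', '0', 0].each do |value|
    context "and the passed create_merge_request value is #{value.inspect}" do
      let(:create_merge_request) { value }

      it_behaves_like 'a new directory redirection'
    end
  end
end
# … unchanged: 'when creating a new MR' contexts …
```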
@@ -94,28 +100,30 @@ RSpec.describe 'Projects > Files > User creates files', :js, feature_category: :
expect(page).to have_content 'Path cannot include directory traversal'
end
- it 'creates and commit a new file' do
- editor_set_value('*.rbca')
- fill_in(:file_name, with: 'not_a_file.md')
+ it 'creates and commits a new file' do
+ editor_set_value(file_content)
+ fill_in(:file_name, with: file_name)
fill_in(:commit_message, with: 'New commit message', visible: true)
+
click_button('Commit changes')
- new_file_path = project_blob_path(project, 'master/not_a_file.md')
+ new_file_path = project_blob_path(project, "master/#{file_name}")
expect(page).to have_current_path(new_file_path, ignore_query: true)
wait_for_requests
- expect(page).to have_content('*.rbca')
+ expect(page).to have_content(file_content)
end
- it 'creates and commit a new file with new lines at the end of file' do
+ it 'creates and commits a new file with new lines at the end of file' do
editor_set_value('Sample\n\n\n')
- fill_in(:file_name, with: 'not_a_file.md')
+ fill_in(:file_name, with: file_name)
fill_in(:commit_message, with: 'New commit message', visible: true)
+
click_button('Commit changes')
- new_file_path = project_blob_path(project, 'master/not_a_file.md')
+ new_file_path = project_blob_path(project, "master/#{file_name}")
expect(page).to have_current_path(new_file_path, ignore_query: true)
@@ -124,38 +132,64 @@ RSpec.describe 'Projects > Files > User creates files', :js, feature_category: :
expect(find('.monaco-editor')).to have_content('Sample\n\n\n')
end
- it 'creates and commit a new file with a directory name' do
+ it 'creates and commits a new file with a directory name' do
fill_in(:file_name, with: 'foo/bar/baz.txt')
expect(page).to have_selector('.file-editor')
- editor_set_value('*.rbca')
+ editor_set_value(file_content)
fill_in(:commit_message, with: 'New commit message', visible: true)
+
click_button('Commit changes')
expect(page).to have_current_path(project_blob_path(project, 'master/foo/bar/baz.txt'), ignore_query: true)
wait_for_requests
- expect(page).to have_content('*.rbca')
+ expect(page).to have_content(file_content)
end
- it 'creates and commit a new file specifying a new branch' do
- expect(page).to have_selector('.file-editor')
+ context 'when not creating a new MR' do
+ it 'creates and commits a new file specifying a new branch' do
+ expect(page).to have_selector('.file-editor')
- editor_set_value('*.rbca')
- fill_in(:file_name, with: 'not_a_file.md')
- fill_in(:commit_message, with: 'New commit message', visible: true)
- fill_in(:branch_name, with: 'new_branch_name', visible: true)
- click_button('Commit changes')
+ editor_set_value(file_content)
+ fill_in(:file_name, with: file_name)
+ fill_in(:commit_message, with: 'New commit message', visible: true)
+ fill_in(:branch_name, with: branch_name, visible: true)
+ find_field('Start a new merge request with these changes').uncheck
- expect(page).to have_current_path(project_new_merge_request_path(project), ignore_query: true)
+ click_button('Commit changes')
- click_link('Changes')
+ new_file_path = project_blob_path(project, "#{branch_name}/#{file_name}")
- wait_for_requests
+ expect(page).to have_current_path(new_file_path)
- expect(page).to have_content('*.rbca')
+ wait_for_requests
+
+ expect(page).not_to have_content(can_submit_mr_content)
+ end
+ end
+
+ context 'when creating a new MR' do
+ it 'creates and commits a new file specifying a new branch and creates an MR' do
+ expect(page).to have_selector('.file-editor')
+
+ editor_set_value(file_content)
+ fill_in(:file_name, with: file_name)
+ fill_in(:commit_message, with: 'New commit message', visible: true)
+ fill_in(:branch_name, with: branch_name, visible: true)
+
+ click_button('Commit changes')
+
+ expect(page).to have_current_path(project_new_merge_request_path(project), ignore_query: true)
+
+ click_link('Changes')
+
+ wait_for_requests
+
+ expect(page).to have_content(can_submit_mr_content)
+ end
end
end
@@ -174,12 +208,12 @@ RSpec.describe 'Projects > Files > User creates files', :js, feature_category: :
expect(page).to have_content(message)
end
- it 'creates and commit new file in forked project' do
+ it 'creates and commits a new file in forked project' do
expect(page).to have_selector('.file-editor')
- editor_set_value('*.rbca')
+ editor_set_value(file_content)
- fill_in(:file_name, with: 'not_a_file.md')
+ fill_in(:file_name, with: file_name)
fill_in(:commit_message, with: 'New commit message', visible: true)
click_button('Commit changes')
diff --git a/spec/lib/gitlab/database/sharding_key_spec.rb b/spec/lib/gitlab/database/sharding_key_spec.rb
index ec72f57fb27..c0ae0b11ea3 100644
--- a/spec/lib/gitlab/database/sharding_key_spec.rb
+++ b/spec/lib/gitlab/database/sharding_key_spec.rb
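Review bot: In the new `'when not creating a new MR'` example, `expect(page).to have_current_path(new_file_path)` omits the `ignore_query: true` that every other `have_current_path` assertion visible in these hunks passes, so any query string appended on redirect would fail only this example; `expect(page).to have_current_path(new_file_path, ignore_query: true)` keeps them consistent. The closing `not_to have_content(can_submit_mr_content)` would also pass on a blank or error page, so asserting `expect(page).to have_content(file_content)` first, as the sibling examples do, pins that the blob actually rendered before the negative check. The enclosing `'when an user has write access'` context starts outside the hunk.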
@@ -17,11 +17,24 @@ RSpec.describe 'new tables missing sharding_key', feature_category: :cell do
# the table name to remove this once a decision has been made.
let(:allowed_to_be_missing_not_null) do
[
+ *tables_with_alternative_not_null_constraint,
'labels.project_id', # https://gitlab.com/gitlab-org/gitlab/-/issues/434356
'labels.group_id' # https://gitlab.com/gitlab-org/gitlab/-/issues/434356
]
end
+ # The following tables have multiple sharding keys and a check constraint that
+ # correctly ensures at least one of the keys must be set, however the constraint
+ # definition is written in a way that is difficult to verify using these specs.
+ # For example:
+ # `CONSTRAINT example_constraint CHECK (((project_id IS NULL) <> (namespace_id IS NULL)))`
+ let(:tables_with_alternative_not_null_constraint) do
+ [
+ 'security_orchestration_policy_configurations.project_id',
+ 'security_orchestration_policy_configurations.namespace_id'
+ ]
+ end
+
# Some reasons to exempt a table:
# 1. It has no foreign key for performance reasons
# 2. It does not yet have a foreign key as the index is still being backfilled
diff --git a/spec/services/ci/trigger_downstream_pipeline_service_spec.rb b/spec/services/ci/trigger_downstream_pipeline_service_spec.rb
new file mode 100644
index 00000000000..71d69316589
--- /dev/null
+++ b/spec/services/ci/trigger_downstream_pipeline_service_spec.rb
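Review bot: The two `security_orchestration_policy_configurations` entries are exempted without the tracking-issue link that the neighbouring `labels.*` entries carry, and the new comment describes a limitation of the spec rather than a plan to remove it, so this exemption has no owner and no exit condition. Adding one line above the `let`, `# TODO: teach this spec to verify XOR-style check constraints, then drop this list (issue: <TRACKING_ISSUE_URL>)`, keeps it from becoming permanent. The `allowed_to_be_missing_not_null` let is fully inside the hunk; the spec's other exemption lists are not.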
@@ -0,0 +1,122 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Ci::TriggerDownstreamPipelineService, feature_category: :continuous_integration do
+ let_it_be(:project) { create(:project, :repository) }
+ let_it_be(:user) { project.first_owner }
+ let_it_be(:pipeline) { create(:ci_pipeline, project: project, user: user) }
+
+ let(:bridge) do
+ create(:ci_bridge, status: :created, options: bridge_options, pipeline: pipeline, user: user)
+ end
+
+ let(:bridge_options) { { trigger: { project: 'my/project' } } }
+ let(:service) { described_class.new(bridge) }
+
+ describe '#execute' do
+ subject(:execute) { service.execute }
+
+ context 'when the bridge does not trigger a downstream pipeline' do
+ let(:bridge_options) { { trigger: {} } }
+
+ it 'returns a success response' do
+ expect(execute).to be_success
+ expect(execute.message).to eq('Does not trigger a downstream pipeline')
+ end
+ end
+
+ # In these tests, we execute the service twice in succession
+ describe 'rate limiting', :freeze_time, :clean_gitlab_redis_rate_limiting do
+ shared_examples 'creates a log entry' do |downstream_type = 'multi-project'|
+ it do
+ service.execute
+
+ expect(Gitlab::AppJsonLogger).to receive(:info).with(
+ a_hash_including(
+ class: described_class.name,
+ project_id: project.id,
+ current_user_id: user.id,
+ pipeline_sha: pipeline.sha,
+ subscription_plan: project.actual_plan_name,
+ downstream_type: downstream_type,
+ message: 'Activated downstream pipeline trigger rate limit'
+ )
+ )
+
+ execute
+ end
+ end
+
+ context 'when the limit is exceeded' do
+ before do
+ stub_const("#{described_class.name}::DOWNSTREAM_PIPELINE_TRIGGER_LIMIT_PER_PROJECT_USER_SHA", 1)
+ end
+
+ it 'drops the bridge and does not schedule the downstream pipeline worker', :aggregate_failures do
+ service.execute
+
+ expect { execute }.not_to change { ::Ci::CreateDownstreamPipelineWorker.jobs.size }
+ expect(bridge).to be_failed
+ expect(bridge.failure_reason).to eq('reached_downstream_pipeline_trigger_rate_limit')
+ expect(execute).to be_error
+ expect(execute.message).to eq('Reached downstream pipeline trigger rate limit')
+ end
+
+ it_behaves_like 'creates a log entry'
+
+ context 'with a child pipeline' do
+ let(:bridge_options) { { trigger: { include: 'my_child_config.yml' } } }
+
+ it 'drops the bridge and does not schedule the downstream pipeline worker', :aggregate_failures do
+ service.execute
+
+ expect { execute }.not_to change { ::Ci::CreateDownstreamPipelineWorker.jobs.size }
+ expect(bridge).to be_failed
+ expect(bridge.failure_reason).to eq('reached_downstream_pipeline_trigger_rate_limit')
+ expect(execute).to be_error
+ expect(execute.message).to eq('Reached downstream pipeline trigger rate limit')
+ end
+
+ it_behaves_like 'creates a log entry', 'child'
+ end
+
+ context 'when FF `ci_rate_limit_downstream_pipelines` is disabled' do
+ before do
+ stub_feature_flags(ci_rate_limit_downstream_pipelines: false)
+ end
+
+ it 'schedules the downstream pipeline worker' do
+ service.execute
+
+ expect { execute }.to change { ::Ci::CreateDownstreamPipelineWorker.jobs.size }.by(1)
+ expect(bridge).not_to be_failed
+ expect(execute).to be_success
+ expect(execute.message).to eq('Downstream pipeline enqueued')
+ end
+
+ it_behaves_like 'creates a log entry'
+ end
+ end
+
+ context 'when the limit is not exceeded' do
+ it 'schedules the downstream pipeline worker' do
+ service.execute
+
+ expect { execute }.to change { ::Ci::CreateDownstreamPipelineWorker.jobs.size }.by(1)
+ expect(bridge).not_to be_failed
+ expect(execute).to be_success
+ expect(execute.message).to eq('Downstream pipeline enqueued')
+ end
+
+ it 'does not create a log entry' do
+ service.execute
+
+ expect(Gitlab::AppJsonLogger).not_to receive(:info)
+
+ execute
+ end
+ end
+ end
+ end
+end
diff --git a/spec/support/helpers/database/duplicate_indexes.yml b/spec/support/helpers/database/duplicate_indexes.yml
index 609b018b0cd..29202d49e78 100644
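Review bot: No example demonstrates the scoping that `DOWNSTREAM_PIPELINE_TRIGGER_LIMIT_PER_PROJECT_USER_SHA` implies: every rate-limiting example reuses the same `bridge`, `user` and `pipeline`, so a key accidentally built from the project alone would pass this spec unchanged. A case under `'when the limit is exceeded'` that exhausts the limit with a bridge owned by a different user (or from a pipeline with a different SHA) and then expects `execute` to still enqueue the worker would pin the key; a sketch is below, assuming the `:ci_bridge` factory accepts a user who is not a project member. `'when the limit is not exceeded'` also relies on the real constant being at least 2 with nothing asserting that, so a `stub_const` to a known value there would make the intent explicit. The hunk holds the whole new file.
```ruby
context 'when the limit is exceeded' do
  # … unchanged: stub_const before block and existing examples …

  context 'when a different user exhausted the limit' do
    let(:other_user) { create(:user) }
    let(:other_bridge) do
      create(:ci_bridge, status: :created, options: bridge_options, pipeline: pipeline, user: other_user)
    end

    it 'does not throttle the current user' do
      described_class.new(other_bridge).execute

      expect { execute }.to change { ::Ci::CreateDownstreamPipelineWorker.jobs.size }.by(1)
      expect(execute).to be_success
    end
  end
end
```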
--- a/spec/support/helpers/database/duplicate_indexes.yml +++ b/spec/support/helpers/database/duplicate_indexes.yml @@ -135,8 +135,6 @@ sbom_component_versions: index_sbom_component_versions_on_component_id_and_version: - index_sbom_component_versions_on_component_id sbom_occurrences: - index_sbom_occurrences_for_input_file_path_search: - - index_sbom_occurrences_on_project_id_component_id index_sbom_occurrences_on_project_id_and_component_id_and_id: - index_sbom_occurrences_on_project_id_component_id search_namespace_index_assignments: diff --git a/yarn.lock b/yarn.lock index 278aec8d4e0..f16b04c43a9 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1316,10 +1316,10 @@ stylelint-declaration-strict-value "1.10.4" stylelint-scss "6.0.0" -"@gitlab/svgs@3.78.0": - version "3.78.0" - resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.78.0.tgz#55054435e18de4cb9e8e027e1c65e8ba27f3ff15" - integrity sha512-/53tfdI1YQAvKNlMuYX1Ua6i8o0RR4409lOKPv05HKZIKWOp/QlOz4ebXdD3CtV+bquBYjPPQeCJsNEVoWOlIg== +"@gitlab/svgs@3.79.0": + version "3.79.0" + resolved "https://registry.yarnpkg.com/@gitlab/svgs/-/svgs-3.79.0.tgz#ba15db14ba175579ca1fef8290acf5102e3d9a69" + integrity sha512-5h4+wRTFhMLolSzm7UUENn9yRVIWICB0Urbl25H9BBQV3WxBRktbe9c052AvUwNNUTEdWqUYu7yiAKI5ZwqRzQ== "@gitlab/ui@^72.10.0": version "72.10.0"