//Question

Does GitHub have a DAST?

Posted on 20th August, 2024

Archer


//Answer

GitHub does not natively include Dynamic Application Security Testing (DAST) as part of its built-in security tools. GitHub's security features mainly focus on static code analysis through GitHub Advanced Security, which includes tools like Dependabot for dependency scanning and CodeQL for static analysis (SAST).

However, DAST can still be integrated into GitHub through third-party tools. Popular DAST solutions, such as OWASP ZAP, Burp Suite, or commercial DAST services, can be incorporated into GitHub Actions or the CI/CD pipeline. By setting up a custom workflow in GitHub Actions, you can trigger these DAST tools to scan a deployed application during the testing phase.

While GitHub does not provide DAST out of the box, using third-party DAST tools allows you to implement dynamic security testing in your development process, ensuring comprehensive security coverage beyond static analysis.
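
One way to wire up the custom workflow described above, added here as an example and not part of the original answer: a GitHub Actions job that runs the OWASP ZAP baseline (passive) scan against a staging deployment you operate. The workflow file path, the `STAGING_URL` repository variable and the pinned action version are assumptions.

```yaml
# Assumed location: .github/workflows/dast.yml (added example, not from the original answer)
name: dast-baseline

on:
  workflow_dispatch:        # allow manual runs
  push:
    branches: [main]        # scan after changes land on the default branch

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  zap-baseline:
    runs-on: ubuntu-latest
    steps:
      # Assumption: an earlier job or an external pipeline has already deployed
      # this commit to the staging environment named in STAGING_URL.
      - name: Run OWASP ZAP baseline scan
        uses: zaproxy/action-baseline@v0.12.0
        with:
          # Repository variable (Settings > Secrets and variables > Actions > Variables),
          # for example https://staging.example.com (constructed placeholder).
          target: ${{ vars.STAGING_URL }}
          # Fail the job when ZAP raises alerts, so findings block the pipeline.
          fail_action: true
          # Keep findings in the uploaded report artifact instead of opening an
          # issue, which lets the job run without issues: write permission.
          allow_issue_writing: false
```

The baseline scan spiders the target and reports passive findings only; the action uploads the generated report as a workflow artifact for review.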
