Standalone Runnable jar for ZAP
86 views
Skip to first unread message
living room tv
Jun 9, 2023, 4:55:49 AM6/9/23
to OWASP ZAP User Group
Hi All,
I downloaded ZAP 2.12.0 and unzipped on my PC.
To run, I use the java -jar command and it works fine.
However, I see some dependencies are resolved at runtime and live in the lib folder at the same level as the jar. Is there any way, I can bundle them into the same runnable jar by building from source ?
my goal is to have a runnable uber jar with all the dependencies packaged into it.
Thanks !
psiinon
Jun 9, 2023, 5:09:39 AM6/9/23
to zaprox...@googlegroups.com
We do not recommend running ZAP in that way - we recommend you use the scripts we provide, as per https://www.zaproxy.org/faq/how-can-you-start-zap/
Obviously you can do whatever you want, but we only support the ways we have documented :)
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/c463b689-0eb2-46d1-a871-6a3c8c5d5dc3n%40googlegroups.com.
--
OWASP ZAP Project leader
thc...@gmail.com
Jun 9, 2023, 5:28:45 AM6/9/23
to zaprox...@googlegroups.com
Also, worth noting that add-ons also have dependencies and are not in
the main jar and some dependencies will not work correctly with uber jar
either (e.g. manifest data overwritten).
Best regards.
>> <https://groups.google.com/d/msgid/zaproxy-users/c463b689-0eb2-46d1-a871-6a3c8c5d5dc3n%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>
>
the main jar and some dependencies will not work correctly with uber jar
either (e.g. manifest data overwritten).
Best regards.
>> .
>>
>
>
living room tv
Jun 10, 2023, 4:38:39 AM6/10/23
to OWASP ZAP User Group
Thanks for taking time out and responding to me.
Let me give a bit more background on why I want to do this.. perhaps there is a better way and I am going down the wrong road.
I have a postman api testing script that lives in a repository.. I want to run a nightly build from the repo, it picks up the script, routes it through zap and then captures the security testing report.
I use Jenkins to run the nightly builds, my apps are deployed into open shift and pivotal cloud foundry platform.
The idea behind creating an uber jar is to then deploy it into open shift / pivotal cloud foundry as a runnable jar like any other application.. and then proxy the postman requests through it.
Is there any way to do this ?
or perhaps a better way to achieve a similar result ?
Thanks
Reply all
Reply to author
Forward
0 new messages