How to get a report of Passing and Failed Tests in ZAP Active Scan
546 views
Skip to first unread message
Omkar Kumbhar
Sep 7, 2022, 2:49:47 AM9/7/22
to OWASP ZAP Developer Group
Hi Team,
I am trying to export ZAP active scan report in json and importing that report into Heimdall. We use Heimdall as our reporting dashboard where we upload reports from different tools and see the results at one place.
However, whenever I upload ZAP active scan json based report in Heimdall, it only shows failed tests (These are the vulnerabilities reported by ZAP tool) but we are expecting that the report should show number of test cases passed vs number of test cases failed.
Is there any way in ZAP where we can export this kind of report? If there is no such report-template available now then is there any plan to develop such report template in future?
Thanks,
Omkar
psiinon
Sep 7, 2022, 3:39:01 AM9/7/22
to OWASP ZAP Developer Group
Hi Omkar,
The full list of reports available, and what they provide, is here: https://www.zaproxy.org/docs/desktop/addons/report-generation/templates/
The Modern HTML Report with themes and options report does show passing tests as well as failing ones/
If that doesnt work for you then it fairly easy to create your own reports (especially if you rip off existing ones;) : https://www.zaproxy.org/docs/desktop/addons/report-generation/create/
If you create any that you think other people may find useful then please contribute them back - we can help with the PR etc.
Cheers,
Simon
Travaca
Oct 3, 2023, 3:44:31 PM10/3/23
to ZAP Developer Group
Hey all,
I've been looking for ways to get Pass and Fails in a json or xml report.
I've looked at the links provided here and I'm struggling to gather how I can use this information to get what I need.
I'm using zap docker containers and successfully running zap.sh, zap-baseline.py, and zap-full-scan.py; it prints out Pass, Fail, Warn in the terminal but the report only go as far as Warn, still cant get Passes to show.
Any advice would be appreciated!
Travaca
I've been looking for ways to get Pass and Fails in a json or xml report.
I've looked at the links provided here and I'm struggling to gather how I can use this information to get what I need.
I'm using zap docker containers and successfully running zap.sh, zap-baseline.py, and zap-full-scan.py; it prints out Pass, Fail, Warn in the terminal but the report only go as far as Warn, still cant get Passes to show.
Any advice would be appreciated!
Travaca
psiinon
Oct 4, 2023, 3:21:02 AM10/4/23
to ZAP Developer Group
The previous answer still stands.
The reports are all described on https://www.zaproxy.org/docs/desktop/addons/report-generation/templates/
Only the Modern HTML Report with themes and options report shows the passing results, and thats not accessible via the Packaged Scans.
The Packaged Scans are always going to be limited in some way.
Have a look at the Automation Framework (AF): https://www.zaproxy.org/docs/automate/automation-framework/
This is much more flexible and does support all of the reports.
We are also migrating the Packaged Scans to use the AF under the hood.
Cheers,
Simon
Reply all
Reply to author
Forward
0 new messages