using automation framework in gitlab ci

32 views
Skip to first unread message

ahmed

unread,
Jan 16, 2023, 5:32:38 PM1/16/23
to OWASP ZAP Developer Group
Hi all ,
Actually I'm new in ZAP and I'm trying to use Automation framework in gitlab ci cd .
I have tried passive scan / full scan  ( using owasp/zap2docker-stable ) successfully but i want to use automation framework instead . it is possible to use it in zap docker image ? 
Thanks in advance.

psiinon

unread,
Jan 17, 2023, 4:12:38 AM1/17/23
to OWASP ZAP Developer Group
Yes, the Automation Framework will work well in the ZAP docker images: https://www.zaproxy.org/docs/docker/about/#automation-framework
The packaged scans are actually being migrated to use it under the covers.

Cheers,

Simon

ahmed

unread,
Jan 17, 2023, 9:51:15 AM1/17/23
to OWASP ZAP Developer Group
 I have successfully used the passive scan feature in the Automation Framework. However, when I attempted to use the active scan , the scan completed within 1 minute and no tests were done.  ( i'm using the default  parameters  )
  - type: activeScan
    parameters:

psiinon

unread,
Jan 17, 2023, 11:43:48 AM1/17/23
to OWASP ZAP Developer Group
In isolation that tells us nothing.
Have you included any of the exploring jobs before that one?
If not then the acticeScan will not have anything to work with.

Cheers,

Simon

ahmed

unread,
Jan 18, 2023, 3:31:38 PM1/18/23
to OWASP ZAP Developer Group
there is the jobs i used and the result of the pipeline 

jobs.pngoutput1.pngoutput2.png

psiinon

unread,
Jan 19, 2023, 5:04:07 AM1/19/23
to OWASP ZAP Developer Group
Why have you defined 'Context: "Default Context"' in the spiders but not the activeScan job? (Unless that part is hidden)
You only need to specify a context if you have more than one, and if you do that I'd recommend that you use it consistently.
Apart from that the jobs look sensible, but we cant see how they worked from the output.
The output should tell you how many URLs the 2 spiders found.
If they found nothing then the activeScan job will have nothing to work with.

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages