Using automation framework in GitLab CI


ahmed

Jan 16, 2023, 5:32:38 PM
to OWASP ZAP Developer Group
Hi all,
I'm new to ZAP and I'm trying to use the Automation Framework in GitLab CI/CD.
I have tried passive scan / full scan (using owasp/zap2docker-stable) successfully, but I want to use the Automation Framework instead. Is it possible to use it in the ZAP docker image?
Thanks in advance.

psiinon

Jan 17, 2023, 4:12:38 AM
to OWASP ZAP Developer Group
Yes, the Automation Framework will work well in the ZAP docker images: https://www.zaproxy.org/docs/docker/about/#automation-framework
The packaged scans are actually being migrated to use it under the covers.

Cheers,

Simon

ahmed

Jan 17, 2023, 9:51:15 AM
to OWASP ZAP Developer Group
I have successfully used the passive scan feature in the Automation Framework. However, when I attempted to use the active scan, the scan completed within 1 minute and no tests were done. (I'm using the default parameters.)
  - type: activeScan
    parameters:

psiinon

Jan 17, 2023, 11:43:48 AM
to OWASP ZAP Developer Group
In isolation that tells us nothing.
Have you included any of the exploring jobs before that one?
If not then the activeScan will not have anything to work with.

Cheers,

Simon

ahmed

Jan 18, 2023, 3:31:38 PM
to OWASP ZAP Developer Group
Here are the jobs I used and the result of the pipeline.

[Attachments: jobs.png, output1.png, output2.png]

psiinon

Jan 19, 2023, 5:04:07 AM
to OWASP ZAP Developer Group
Why have you defined 'Context: "Default Context"' in the spiders but not the activeScan job? (Unless that part is hidden)
You only need to specify a context if you have more than one, and if you do that I'd recommend that you use it consistently.
Apart from that the jobs look sensible, but we can't see how they worked from the output.
The output should tell you how many URLs the 2 spiders found.
If they found nothing then the activeScan job will have nothing to work with.

Cheers,

Simon
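
The points raised in the replies above, as an added example plan that is not part of the original thread or the posted jobs: the same context is named in every job, the exploring jobs run before activeScan, and a stats test on the spider fails the run when too few URLs were found. The target URL, the durations and the URL threshold are placeholder values constructed for illustration.

```yaml
# Added example Automation Framework plan (not the plan from the thread).
# Run inside the ZAP docker image with: zap.sh -cmd -autorun <path-to-this-file>
env:
  contexts:
    - name: "Default Context"
      urls:
        - "https://target.example"      # placeholder target, replace with your app
  parameters:
    failOnError: true                   # non-zero exit so the CI job fails
    failOnWarning: false
    progressToStdout: true              # job progress shows up in the pipeline log

jobs:
  # Exploring jobs first: activeScan only attacks what is already in the Sites tree.
  - type: spider
    parameters:
      context: "Default Context"
      maxDuration: 5                    # minutes, constructed value
    tests:
      # Fail early if the spider found (almost) nothing, instead of letting
      # activeScan finish in a minute with nothing to test.
      - name: "Spider found enough URLs"
        type: stats
        statistic: "automation.spider.urls.added"
        operator: ">="
        value: 10                       # constructed threshold
        onFail: "error"

  - type: spiderAjax
    parameters:
      context: "Default Context"
      maxDuration: 5

  # Let passive scanning of the spidered responses finish before attacking.
  - type: passiveScan-wait
    parameters:
      maxDuration: 5

  # Same context as the spiders, named explicitly for consistency.
  - type: activeScan
    parameters:
      context: "Default Context"
      maxScanDurationInMins: 30         # constructed value
```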