Hi,
I am new to OWASP ZAP and would like to be able to amend the following page with various insights I have gained:
I am creating a CI/CD DevOps solution for a website and want to be able to proxy the C#-Selenium tests we have through a Docker container using an instance of zap2docker.
After the tests have completed the solution would then grab hold of the HTML report that ZAP can generate using the zap-api-dotnet package.
I am using Azure DevOps for builds and releases, Microsoft Azure to host the test environments and Azure Container Instances (ACI) to run the zap2docker container.
What I have seen so far are the static baseline scans.
How do I update the GitHub wiki page?
I did download the full wiki {in wiki syntax}, but then what do I do to update it?
Several things I would like to add:
1. When using ZAP in a Docker container, the need to proxy your web browser to the external IP of the container in order to be able to browse the API UI.
2. How to generate the private/public key certificate initially by running the daemon and then reusing it on subsequent runs of the zap2docker container.
    zap.sh -daemon -certfulldump wrk/cert1full.pem
    zap.sh -daemon -certload wrk/cert1full.pem .... other params ....
With ACI every restart results in a fresh image being pulled [which is what is needed so that you always have the latest version].
It would be easier to have just one certificate that gets installed on the test environments rather than constantly updating it with each run of the zap2docker container.
3. How to proxy the zap-api-dotnet package against the container - managed to retrieve the HTML report after some code modifications.
Cheers
pkbfs