ZAP plugin on Jenkins scan not showing all the findings (only High vulnerabilities are showing up in the report) compared to the ZAP automated scan in the local machine


Sairam Nalluri

May 2, 2020, 10:57:32 AM5/2/20
to ZAP Jenkins Plugin
Hi All,

I'm using the ZAP plugin on Jenkins for automated scans and observed that the ZAP plugin on Jenkins scan is not showing all the findings (only High vulnerabilities are showing up in the report) compared to the ZAP automated scan on the local machine. Please look into the information below and let me know if I'm missing anything here.

Thanks in Advance.

Regards,
Sairam


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Java version: 1.8.0_73
Jenkins version: 2.222.3
ZAP version: 2.9.0 (installed on local machine: Windows)
ZAP Jenkins plugin version: 1.1.0

  • Jenkins and ZAP are both running on the master

Configuration:

Please see the screenshots below for reference to the Jenkins configuration:

Capture 2020-05-02 at 20.17.04.png

Capture 2020-05-02 at 20.17.09.png

Capture 2020-05-02 at 20.17.11.png

Capture 2020-05-02 at 20.17.12.png


I have created the ZAP + Jenkins configuration and scanned http://demo.testfire.net/. The build is successful and the report is generated.

However, only High severity findings (2 issues) are shown in the Jenkins report. When the same application is scanned through the local ZAP installation, it shows a lot of other findings.

Jenkins Report:

Capture 2020-05-02 at 20.23.02.png





zap.log
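Added check (not part of the original post, and not code from the ZAP Jenkins plugin or the ZAP project): before attributing the gap to the plugin's report view, confirm what the XML report on each side actually contains. The script below counts <alertitem> entries in a ZAP XML report by risk level and lists the levels that are entirely absent; run it on the report archived by the Jenkins job and on the one exported from the local ZAP 2.9.0 install and compare. If the Jenkins file itself has no Medium/Low/Informational items, the difference arose during the scan (scope, policy or threshold), not when the report was rendered. The element names (OWASPZAPReport, site, alerts, alertitem, riskcode, name) are the ones ZAP 2.9.0 writes; the sample host, rule list and counts in SAMPLE_REPORT are constructed for illustration and are not results from demo.testfire.net or any real scan.

```python
"""Count alert items in a ZAP XML report by risk level (added diagnostic, not plugin code)."""
import sys
import xml.etree.ElementTree as ET

# riskcode values ZAP writes into <alertitem>: 0 Informational, 1 Low, 2 Medium, 3 High
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def alerts_by_risk(xml_text):
    """Return {risk_name: [rule names]} for every <alertitem> under every <site>."""
    root = ET.fromstring(xml_text)
    found = {name: [] for name in RISK_NAMES.values()}
    for item in root.iter("alertitem"):
        code = (item.findtext("riskcode") or "0").strip()
        # <name> is the human-readable rule name; <alert> duplicates it in 2.9.0
        name = (item.findtext("name") or item.findtext("alert") or "?").strip()
        found[RISK_NAMES.get(code, "Informational")].append(name)
    return found


def risk_counts(xml_text):
    """Return {risk_name: count}, with an explicit zero for every absent level."""
    return {risk: len(names) for risk, names in alerts_by_risk(xml_text).items()}


def missing_levels(xml_text, expected=("High", "Medium", "Low", "Informational")):
    """Risk levels with no alert items at all; a 'High only' report lists three here."""
    counts = risk_counts(xml_text)
    return [risk for risk in expected if counts.get(risk, 0) == 0]


# Constructed sample in the layout ZAP 2.9.0 writes. Host, rule selection and counts
# are made up for illustration and are not findings from any real target.
SAMPLE_REPORT = """<?xml version="1.0"?>
<OWASPZAPReport version="2.9.0" generated="Sat, 2 May 2020 20:23:02">
  <site name="http://example.test" host="example.test" port="80" ssl="false">
    <alerts>
      <alertitem><pluginid>40018</pluginid><alert>SQL Injection</alert><name>SQL Injection</name>
        <riskcode>3</riskcode><confidence>2</confidence><riskdesc>High (Medium)</riskdesc><count>1</count></alertitem>
      <alertitem><pluginid>40012</pluginid><alert>Cross Site Scripting (Reflected)</alert><name>Cross Site Scripting (Reflected)</name>
        <riskcode>3</riskcode><confidence>2</confidence><riskdesc>High (Medium)</riskdesc><count>2</count></alertitem>
      <alertitem><pluginid>10202</pluginid><alert>Absence of Anti-CSRF Tokens</alert><name>Absence of Anti-CSRF Tokens</name>
        <riskcode>1</riskcode><confidence>2</confidence><riskdesc>Low (Medium)</riskdesc><count>3</count></alertitem>
      <alertitem><pluginid>10021</pluginid><alert>X-Content-Type-Options Header Missing</alert><name>X-Content-Type-Options Header Missing</name>
        <riskcode>1</riskcode><confidence>2</confidence><riskdesc>Low (Medium)</riskdesc><count>5</count></alertitem>
      <alertitem><pluginid>10015</pluginid><alert>Incomplete or No Cache-control and Pragma HTTP Header Set</alert><name>Incomplete or No Cache-control and Pragma HTTP Header Set</name>
        <riskcode>1</riskcode><confidence>2</confidence><riskdesc>Low (Medium)</riskdesc><count>4</count></alertitem>
      <alertitem><pluginid>10027</pluginid><alert>Information Disclosure - Suspicious Comments</alert><name>Information Disclosure - Suspicious Comments</name>
        <riskcode>0</riskcode><confidence>1</confidence><riskdesc>Informational (Low)</riskdesc><count>2</count></alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""

if __name__ == "__main__":
    # Usage: python zap_risk_summary.py path/to/report.xml  (no argument: run on the sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    for risk, names in alerts_by_risk(text).items():
        print(f"{risk:<13} {len(names):>3}  {', '.join(names)}")
    gaps = missing_levels(text)
    if gaps:
        print("no alert items at:", ", ".join(gaps))
```

The counts are per rule (one <alertitem> per rule per site), not per instance, which matches how both the ZAP GUI Alerts tab and the plugin's summary group findings; the <count> element inside each item carries the instance total if you need that too.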