ZAP Automation Framework as Docker Container


Vinda Parab

Apr 18, 2022, 7:16:02 AM
to OWASP ZAP User Group
Hello Simon, Team,

It's really nice to see the ZAP Automation Framework now supports authenticated scans!!
Thanks for getting this in place. Great work!!!

I have started using ZAP AF now.
One of my observations is that -
When I execute the Automation Plan through ZAP docker container using latest ZAP docker image, I see the message - "Automation Plan Succeeded", but the scan keeps running.

While using the same config yaml on my local machine and running the ZAP AF scan, I can see that the scan finishes as expected once the message - "Automation Plan Succeeded" appears.

Command used for Docker Container: docker run -v /var/jenkins_home/workspace/ZAP_AF_Baseline_Scan:/zap/wrk/:rw -u root -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/Baseline_Scan.yaml

Command used on Local machine CLI: zap.bat -cmd -autorun C:\Users\vinda_parab\Baseline_Scan.yaml

Reference Screenshot: Attached.

Request you to please look into this, as I am planning to integrate this with Jenkins by running ZAP Scan in a docker container.


zap.png

thc...@gmail.com

Apr 18, 2022, 7:53:46 AM
to zaprox...@googlegroups.com
That's a known issue:
https://github.com/zaproxy/zaproxy/issues/7138

You should not run the image with root though, Firefox does not like that.

Best regards.
