.yml file for automation in Azure Pipeline

[Tiko Miedendorp]

Hey all, I am currently doing an internship to automate the security testing that they can use in their pipeline on their application. However, i'm quite new to .yml files and how to use them properly. I am really stuck and getting a lot of errors each time when trying to run the pipeline. Can somebody maybe help me with adjusting some incorrect parts?

stages:

- stage: 'buildstage'

  jobs: 

  - job: 'buildjob'

    pool: 

      vmImage: 'ubuntu-latest'

    steps:

    - checkout: self

    - bash: |

        docker pull zaproxy/zap-stable

        docker run -v $(pwd):/zap/wrk/:rw -t zaproxy/zap-stable zap-baseline.py -t "example.com" -x report.xml

      displayName: 'Backoffice Baseline Scan'

    

    - powershell: |

        $XslPath = "<repo>/xml_to_nunit.xslt" 

        $XmlInputPath = "xml_report.xml"

        $XmlOutputPath = "converted_report.xml"

        $XslTransform = New-Object System.Xml.Xsl.XslCompiledTransform

        $XslTransform.Load($XslPath)

        $XslTransform.Transform($XmlInputPath, $XmlOutputPath)

      displayName: 'PowerShell Script'

    - task: PublishTestResults@2

      displayName: 'Publish Test Results'

      inputs:

        testResultsFormat: 'NUnit'

        testResultsFiles: 'converted_report.xml'


I try to run to run it like this now, where the trigger is after the daily deployment and will just be a baseline test and publish the results in n-unit

Eventually, what I want is to first perform all the runs on all the urls (7 in total) and then combine the resutls and make one big report of the pipeline.

Help is extremely appreciated ;)

[Tiko Miedendorp]

This is when i tr to run it on for example tesla.com

[Tiko Miedendorp]

Maybe anyone is willing to show their .yml file that I can use as an example? I'm quite stuck and new to .yml files. The only thing my file should eventually do is: when the daily deployment is finished, the baseline scans will be performed on 7 urls and the results will be reported in a nice format.

[Bernie Jordaan]

Hi,

As far as I can see it does not seem that your pipeline is the problem. If you look at the error in the screenshot sent. The issue seems to be with scanning the site specified with ZAP. 

What is the error you are getting for example.com?

[Simon Bennetts]

See this FAQ: https://www.zaproxy.org/faq/why-cant-zap-connect-to-my-website/