use custom report template in docker stable build

205 views
Skip to first unread message

PD Matthews

unread,
Jul 28, 2022, 4:25:43 AM7/28/22
to OWASP ZAP User Group

 

I would like to know the best way to inject a report template into the docker-stable build?

Basically the use case is to pull down the latest docker-stable each time I use zaproxy – however I would like to use a custom report template.

I would like to:

-know the best way to inject a report template into the docker-stable build?

-know the best way to remove sections of a report 

-have added to the json reports the relevant sections so that these can be removed using the method above


Thanks

Simon Bennetts

unread,
Jul 28, 2022, 4:32:46 AM7/28/22
to OWASP ZAP User Group
Hiya,

If you think other people could find your report useful then you could submit it to us via a PR - if it gets accepted then it will be included in future stable builds.
Otherwise / in the meantime, you can either:
  1. Build a new docker image which wraps our stable image and includes whatever you want - thats not difficult, we have an example build file here: https://github.com/zaproxy/zaproxy/blob/main/docker/Dockerfile-tests (ok, that extends docker-live, but you should get the idea)
  2. Mount a local drive using the docker "-v" command and then run a script in that drive which copies the files to the right places and runs ZAP as you require
Re removing sections - copy one of the existing reports, rename the relevant bits and remove anything you dont want using a text editor.

Cheers,

Simon

PD Matthews

unread,
Jul 28, 2022, 4:50:33 AM7/28/22
to OWASP ZAP User Group
Thanks I am exploring options 1 and 2

Re removing sections of the report with a edited version of the template does work - thanks

I was also trying to use the api and reporting addon; however the json report template does not have any sections defined. It would be useful to create sections in the json report so that the api can be used to remove sections. 

Most of these discussion points come from the evidence field not serialising and deserialising properly - so I created this new thread for this to discuss -  (de)serialisation of json report with evidence field (google.com)

PD Matthews

unread,
Aug 1, 2022, 1:14:39 AM8/1/22
to OWASP ZAP User Group
Hi Simon,

on a linux install, what is the directory to copy the custom report template to?

Thanks


Simon Bennetts

unread,
Aug 1, 2022, 3:04:13 AM8/1/22
to OWASP ZAP User Group

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages