ZAP on docker and running selenium tests on a different Windows node


Ravi Eluri

Jun 9, 2021, 3:42:29 PM
to OWASP ZAP User Group
I'm having trouble running a ZAP scan on an existing Selenium test suite (in Java) that we currently run on a Windows node against the Chrome browser.

If I have a local ZAP instance on the same Windows node, the tests and the scan are running fine.

However, I want to use ZAP docker instance to avoid managing the version of local zap instance. 

With ZAP docker instance - I see that the tests are being launched but most (if not all) are failing with timeout issues. I have already tried increasing the timeout by 3 times but it is still failing.

org.openqa.selenium.NoSuchElementException: Timed out after 30 seconds. Unable to locate the element

Am I missing any specific configuration to get it working or is it recommended to have ZAP running on the same host where the tests are running?

Simon Bennetts

Jun 10, 2021, 4:02:58 AM
to OWASP ZAP User Group
Difficult to say based on just that error message.
However, Docker does change the networking, so it's possible that a URL in your app which works on the same Windows node will fail when accessed from a Docker container.
Can you build up a list of URLs that the browser will need to use and then double check they are accessible from the docker container? You can just use curl from the command line for that.
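
The reachability check suggested in the reply above, written out as an added example that is not part of the original thread. It assumes `curl` is available inside the ZAP container; the function names and the way URLs are passed as arguments are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the thread): probe each URL the browser needs,
# from inside the ZAP container, and translate curl's exit code into the
# likely networking cause. One way to run it inside the container:
#   docker exec -i <zap-container> sh -s -- URL1 URL2 < check_urls.sh

# Map a curl exit code to a probable cause (codes as documented in curl(1)).
explain_curl_exit() {
    case "$1" in
        0)     echo "reachable" ;;
        5)     echo "proxy name not resolved" ;;
        6)     echo "DNS failure: host name not resolved (hosts entry missing?)" ;;
        7)     echo "connect failed: refused or no route (firewall / port?)" ;;
        28)    echo "timed out (routing between VM and container?)" ;;
        35|60) echo "TLS problem (network path works, handshake or cert fails)" ;;
        *)     echo "curl failed with exit code $1" ;;
    esac
}

# Probe one URL; print "<url> -> HTTP <status>, <diagnosis>", return curl's code.
check_url() {
    status=$(curl -sS -o /dev/null -w '%{http_code}' \
                  --connect-timeout 5 --max-time 15 "$1" 2>/dev/null)
    rc=$?
    echo "$1 -> HTTP ${status:-000}, $(explain_curl_exit "$rc")"
    return "$rc"
}

# Probe a whitespace-separated list of URLs; return the number of failures.
check_all() {
    failures=0
    for u in $1; do
        check_url "$u" || failures=$((failures + 1))
    done
    return "$failures"
}

# Only probe when URLs are given as arguments, so sourcing the file is harmless.
if [ "$#" -gt 0 ]; then
    check_all "$*"
fi
```

A URL that reports a DNS or connect failure from the container but loads in the browser on the Windows node points at the container's name resolution or routing rather than at ZAP.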

RaviH

Jun 10, 2021, 1:55:32 PM
to OWASP ZAP User Group
Thanks for the quick reply.
I did make sure that the app can be accessed from ZAP (by adding a hosts file entry). The tests are being launched properly, and I notice that the login works fine too, but then the tests start failing due to timeouts.

Simon Bennetts

Jun 11, 2021, 4:09:40 AM
to OWASP ZAP User Group
Does your app use other services via the frontend? If so then you'll need to be able to access them from Docker as well.
If not, can you look at when the tests are failing and figure out what the underlying cause is?
Right now I think it's more likely to be an app / networking issue than a ZAP one, but we just don't have enough evidence to say either way :/

RaviH

Jun 24, 2021, 10:27:16 AM
to OWASP ZAP User Group
Thanks for your comments. It turned out to be the networking issue where we had trouble with the connections between the VM and the Docker instance. It is fixed now and the ZAP scan is running fine too.

However, I see that the time it takes to run the passive and active scan is large and it is not consistent either. It took 3 hrs once and next time it took 9 hours. Maybe networking issues at that time caused that variation, but I would like to understand if there is any performance tuning that we could do to ensure the scan runs faster. Please advise or point to any documentation that you may have to help us achieve that.

Simon Bennetts

Jun 28, 2021, 3:46:05 AM
to OWASP ZAP User Group
My guess would be either networking issues or target application issues :)
For ZAP performance tuning the best doc we have is linked off this FAQ: https://www.zaproxy.org/faq/how-can-you-speed-up-scans/