Docker API Scan in GitLab - WARN-NEW or FAIL-NEW are not reflected in the output


michal

May 17, 2022, 7:26:37 AM
to OWASP ZAP User Group
Hi Team,

I am running OWASP ZAP API scan in GitLab from docker image (owasp/zap2docker-stable). There are alerts in the ZAP Scanning Report:

[image: zap_report.png]

But there are no WARN-NEW or FAIL-NEW in the output:

[image: gitlab_output.png]

Can I ask if anyone has encountered this?

Thanks.

Michal

Simon Bennetts

May 17, 2022, 7:35:28 AM
to OWASP ZAP User Group
Have a look at the URLs of the alerts in the report.
By default the report includes everything, including alerts for URLs that are strictly speaking out of scope.
The packaged scans will only report issues that are under the URL you specified.

Cheers,

Simon
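The check Simon suggests, worked through as an added example (this is not ZAP's own code and not part of the original thread): a small script that reads a ZAP JSON report, keeps only the alert instances whose URI sits under the target URL, and tallies the rest the way the packaged scan's console output does (FAIL-NEW / WARN-NEW, with IGNORE for rules switched off in the rule config). Alerts whose instances all point at other hosts, such as a CDN or an identity provider, fall out before tallying, which is exactly the situation where the HTML report shows alerts but the pipeline log shows no WARN-NEW or FAIL-NEW. The report fragment, the rule config and the prefix-based scope test are all constructed for this example and are a simplification of what the real zap-api-scan.py does.

```python
import json
from collections import defaultdict

# Constructed report fragment in the shape of ZAP's traditional JSON report
# (site -> alerts -> instances). Hosts, plugin ids and URIs are made up.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "https://api.example.test",
        "alerts": [
            {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
             "riskcode": "1",
             "instances": [
                 # both instances live on other hosts, i.e. out of scope for the target
                 {"uri": "https://cdn.example.test/assets/app.js", "method": "GET"},
                 {"uri": "https://login.example.test/oauth/authorize", "method": "GET"},
             ]},
            {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
             "riskcode": "3",
             "instances": [
                 {"uri": "https://api.example.test/v1/search?q=x", "method": "GET"},
             ]},
            {"pluginid": "10096", "alert": "Timestamp Disclosure",
             "riskcode": "0",
             "instances": [
                 {"uri": "https://api.example.test/v1/health", "method": "GET"},
             ]},
        ],
    }],
})

# Hypothetical rule configuration in the spirit of the packaged scans'
# config file: plugin id -> IGNORE / WARN / FAIL. Unlisted rules default to WARN.
RULE_CONFIG = {"10021": "FAIL", "40012": "FAIL", "10096": "IGNORE"}
DEFAULT_ACTION = "WARN"
OUTCOME = {"IGNORE": "IGNORE", "WARN": "WARN-NEW", "FAIL": "FAIL-NEW"}


def in_scope(uri: str, target: str) -> bool:
    """An instance counts only if its URI is the target itself or sits under it.

    The trailing slash in the prefix test stops 'https://api.example.test.evil/'
    from matching a target of 'https://api.example.test'.
    """
    base = target.rstrip("/")
    return uri.rstrip("/") == base or uri.startswith(base + "/")


def classify_alerts(report_json: str, target: str, rule_config=RULE_CONFIG):
    """Split report alerts into (counted, dropped).

    counted: outcome -> list of (pluginid, alert name, in-scope instance count)
    dropped: list of (pluginid, alert name) for alerts with no in-scope instance
    """
    report = json.loads(report_json)
    counted = defaultdict(list)
    dropped = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            pid = alert["pluginid"]
            hits = [i for i in alert.get("instances", []) if in_scope(i["uri"], target)]
            if not hits:
                # This is the case the thread is about: visible in the HTML
                # report, silent in the WARN-NEW / FAIL-NEW console summary.
                dropped.append((pid, alert["alert"]))
                continue
            outcome = OUTCOME[rule_config.get(pid, DEFAULT_ACTION)]
            counted[outcome].append((pid, alert["alert"], len(hits)))
    return dict(counted), dropped


def summary_lines(counted, dropped):
    """Render the tally as console-style lines, plus a note per dropped alert."""
    lines = []
    for outcome in ("FAIL-NEW", "WARN-NEW", "IGNORE"):
        for pid, name, n in counted.get(outcome, []):
            lines.append(f"{outcome}: {name} [{pid}] x {n}")
    for pid, name in dropped:
        lines.append(f"(not reported: {name} [{pid}], every instance is outside {'the target'})")
    return lines


if __name__ == "__main__":
    counted, dropped = classify_alerts(SAMPLE_REPORT, "https://api.example.test")
    print("\n".join(summary_lines(counted, dropped)))
```

Run it against a real report by replacing SAMPLE_REPORT with the JSON report the scan wrote (the `-J` option of the packaged scripts) and the target with the URL passed via `-t`. If an alert lands in the "not reported" list, either widen the target so that those URLs fall under it, or accept that the finding is out of scope for the gate; changing the rule config alone will not make it appear.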