Using zap apis in docker image

[Dev Prakash]

I am using zap's docker image for my openapi spec. Want to know how I can use zap apis in docker image ? 

[Simon Bennetts]

What are you trying to do? :)

You might like to have a look at the Automation Framework https://www.zaproxy.org/docs/automate/automation-framework/

This is probably easier than using the APIs and covers most of the main automation use cases, including importing OpenAPI specs.

Cheers,

Simon

[Dev Prakash]

I wanted to leverage zap apis in some of the hooks, nothing much. 

I had another question. How do I get this kind of json report generated at the end of my scan https://www.zaproxy.org/docs/desktop/addons/report-generation/report-traditional-json-plus/. 

All I get to see is this kind of report https://www.zaproxy.org/docs/desktop/addons/report-generation/report-traditional-json/ . I don't want this report. 

Is there any option which I need to pass while running docker image to get the former report  ? 

[Simon Bennetts]

We have a couple of example hook files here: https://github.com/zaproxy/community-scripts/tree/main/scan-hooks

The LogMessagesHook.py script calls a couple of ZAP APIs so you should be able to get the gist from those.

For much more info about the API see https://www.zaproxy.org/docs/api/

The packaged scans do not allow you to choose the report you want, and I don't see that changing.

For this I do recommend you look at the Automation Framework, which does provide that option.

The packaged scans are (slowly) being migrated to use the AF under the covers in any case.

Cheers,

Simon