Troubleshooting a ZAP2Docker scan failure being run by Jenkins.


Kevin Alt

Aug 15, 2023, 1:00:00 PM
to ZAP User Group
Hello everyone. I've tried to troubleshoot this some on my own but I'm not having success doing so based on the documentation that I've come across so far. Any information/thoughts/guidance would be much appreciated.

A little background

Sometime prior to June 13, 2023, something broke with my ability to use owasp/zap2docker-stable. My last known working scan was June 2nd, 2023. Note that scans are only run approximately every 2 weeks (when my organization does a release), so the exact date of breakage is unknown. I've attached logs where I exec'd into the running docker containers before they errored out and terminated.

What I can't seem to wrap my head around is that if I change the image from owasp/zap2docker-stable to owasp/zap2docker-weekly, my scans will run successfully. However, it seems to change my results some, so ideally I would like to get back to the owasp/zap2docker-stable image.

I've attached 2 files.
LogbeforeDebugging.txt is the output from the ZAP log (~/.ZAP/zap.log) within the docker container where ZAP is failing
WithDebugOn.txt is the output from the ZAP log (~/.ZAP/zap.log) within the docker container where ZAP is failing with debugging turned on


Here is my Jenkinsfile
Screenshot 2023-08-15 at 11.20.21 AM.png
WithDebugOn.txt
LogbeforeDebugging.txt

thc...@gmail.com

Aug 15, 2023, 1:22:01 PM
to zaprox...@googlegroups.com
Hi.

That's a known issue with 2.12 when installing add-ons, that was fixed
in 2.13 (and the weekly releases between).


The stable image should be already using 2.13 though. Are you not
pulling the latest stable image?


As a workaround you could try starting ZAP with `-silent` (see the `-z`
packaged scan arg), which should prevent the add-on updates and hitting
that issue. But updating to 2.13 would be better.

Best regards.

Kevin Alt

Aug 15, 2023, 3:32:34 PM
to ZAP User Group
Apparently it isn't pulling the latest. I changed the Jenkins job to run /zap/zap.sh -version and confirmed that it's still on the old 2.12.0. I'm working with my devops team to figure out why that is (since that's not the intention at all). Thank you so much for the help and the nudge in the right direction. It was exactly what I needed.
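
Added example, not part of the thread or of ZAP's own tooling: a pipeline guard for the failure diagnosed above, where the job kept running a cached 2.12.0 image. With `--docker` it refreshes the tag, reads `/zap/zap.sh -version`, and stops the job when the version is below 2.13.0; `ZAP_IMAGE`, `MIN_ZAP_VERSION`, the function names, the exit codes and the sample outputs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-scan guard against a stale ZAP image in CI.
# Hypothetical names: ZAP_IMAGE, MIN_ZAP_VERSION and every function below.
ZAP_IMAGE="owasp/zap2docker-stable"
MIN_ZAP_VERSION="2.13.0"   # release the reply names as carrying the fix

# version_ge A B: exit 0 when dotted numeric version A >= B (missing fields = 0).
version_ge() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*} _y=${_b%%.*}
        [ "${_x:-0}" -gt "${_y:-0}" ] && return 0
        [ "${_x:-0}" -lt "${_y:-0}" ] && return 1
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    return 0
}

# Pick the last line that is purely a dotted number; any other output is ignored.
extract_version() {
    printf '%s\n' "$1" | grep -E '^[0-9]+(\.[0-9]+)+$' | tail -n 1
}

# 0 = new enough, 1 = older than MIN_ZAP_VERSION, 2 = no release version found.
check_zap_version() {
    _v=$(extract_version "$1")
    [ -n "$_v" ] || return 2
    version_ge "$_v" "$MIN_ZAP_VERSION" || return 1
    return 0
}

# Constructed sample outputs, not captured from a real run.
SAMPLE_OLD='Using JVM args: -Xmx512m
2.12.0'
SAMPLE_NEW='2.13.0'
SAMPLE_WEEKLY='D-2023-08-14'

if [ "${1:-}" = "--docker" ]; then
    # Pipeline use: refresh the tag first so a cached image cannot be reused.
    docker pull "$ZAP_IMAGE" >/dev/null || exit 3
    out=$(docker run --rm "$ZAP_IMAGE" /zap/zap.sh -version) || exit 3
    check_zap_version "$out"
    exit $?
fi
# Without arguments, show the status for each constructed sample.
for s in "$SAMPLE_OLD" "$SAMPLE_NEW" "$SAMPLE_WEEKLY"; do
    rc=0; check_zap_version "$s" || rc=$?
    echo "status=$rc"
done
```

The field-by-field comparison matters because a plain string comparison would rank 2.9 above 2.13.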