ZAP Report Competition

[Simon Bennetts]

We have an all new Report Generation add-on that was launched at ZAPCon 2021 and which is available from the ZAP Marletplace right now.

And we need your help to create modern, stylish and flexible report templates for the benefit of ZAP users everywhere.

So we're just launched an all new ZAP Report Competition!

If you have any questions about it then please ask them here...

Many thanks,

Simon

[Simon Bennetts]

There is a new ZAP Deep Dive video on Report Generation https://www.youtube.com/watch?v=kD540gUWJ3I

The add-on has also just been updated on the ZAP Marketplace and now supports resources like images and JS files.

The extended HTML report even includes an example of a chart :O

However I'm sure lots of you here will be able to do much better than this, so give it a go asap and start working on your submissions for the ZAP Report Competition :)

Many thanks,

Simon

[Caleb Chang]

woo!

[Mike Pops]

Hello Simon,

The new report template looks nice.

But also, I wanted to ask about report export functionality in separated conversation, but would like to ask about here (I think it also wright place).

If during the testing we had Ajax Spider run, and after Active or different types of scans - in the final report we will have all alerts in the report, not filtered only for Scoped target.

Is there present any chance to filter/generate report related only to target of testing (without external domains that were loaded for static contend etc)?

[Simon Bennetts]

The new Report Generation add-on already supports selecting the sites via the desktop UI.

It will be updated to add API support ASAP.

All of the other reporting add-ons will be deprecated in favour of this new one.

Cheers,

Simon

[Khopithan Sathiyakeerthy]

Hi Simon,

How to use this addon in CI/CD pipeline. I went through the documentation but I don't get that.

Can you please tell how to use this in the below command,

cd C:\Program Files\OWASP\Zed Attack Proxy && zap.bat -quickurl http://example.com - "C:\Users\Administrator\Desktop\ZAP report\zap-report.html" -cmd -quickprogress    

Thank & Regards,

Khopi

[Simon Bennetts]

Hi Khopi,

The Report Generation does not currently support generating reports from the command like that. It is planned, just not implemented yet.

It does support generating reports via the Automation Framework, but thats still at an early stage: https://www.zaproxy.org/docs/automate/automation-framework/

The Report Generation add-on is included by default in the weekkly releases, but you can add it to the stable release via the command line option "-addoninstallreports"

Cheers,

Simon

[Simon Bennetts]

Hi folks,

As I mentioned in yesterdays AMA - the Reporting Competition was been extended until October 1st 2021.

For an example of whats possible update the Report Generation add-on to use the latest version and then try out the new Modern report which is the new default and has been awarded $200 due to its extensive themes!

Dont forget that if you can think of any new data that you think reports should have access to then let us know asap - we've already added the parameter details thanks to a request :)

Many thanks,

Simon