Using Automation Framework with docker

101 views
Skip to first unread message

Andreas Andersson

unread,
May 12, 2023, 6:09:57 AM5/12/23
to OWASP ZAP User Group
Hello,
I am trying to use the automation framework in Docker using the instructions from https://www.zaproxy.org/docs/docker/about/

I am looking at the syntax for Mac terminal:

docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml


How should /zap/wrk be einterpreted? Should it be replaced with the directory to the yml-file? I have tried that, but I am only getting the result that "the file can not be found".

Regards,
Andreas

Simon Bennetts

unread,
May 12, 2023, 6:24:04 AM5/12/23
to OWASP ZAP User Group
Hi Andreas,

You should use the command specified and put your zap.yaml file in your current working directory (CWD).
The -v $(pwd):/zap/wrk/:rw part of the command of the command maps your CWD to the directory /zap/wrk in the docker container.

Does that make sense now?

Cheers,

Simon

Andreas Andersson

unread,
May 12, 2023, 6:27:38 AM5/12/23
to zaprox...@googlegroups.com
ok then the response i am getting is "docker: invalid reference format: repository name must be lowercase." And nothing more happens...

--
You received this message because you are subscribed to a topic in the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/zaproxy-users/SEWtb2ZMuMU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/8cd64457-24ef-44a1-82a6-0967e477ec1cn%40googlegroups.com.

Simon Bennetts

unread,
May 12, 2023, 6:35:54 AM5/12/23
to OWASP ZAP User Group
Thats a docker error - you can try googling it?
Are you using exactly the same command that you shared before?

Andreas Andersson

unread,
May 12, 2023, 6:56:18 AM5/12/23
to zaprox...@googlegroups.com
Yes it was  syntax error, got it fixed, now it the scan is working but the last problem is that no report is created, "Automation plan failures:

Job report failed to generate report: Cannot create directory"


Which is strange because the directory was created without any problems when i used the automation framework without Docker. Maybe a docker issue also.


To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/ecaa0303-d0fd-4842-b1cc-0b4755341651n%40googlegroups.com.

Simon Bennetts

unread,
May 12, 2023, 7:06:58 AM5/12/23
to OWASP ZAP User Group
Check your zap.yaml file.
The target directory for the report needs to be /zap/wrk/ (or underneither that).
Is it?

Andreas Andersson

unread,
May 12, 2023, 7:09:29 AM5/12/23
to zaprox...@googlegroups.com
Ok i changed that, now it works, thanks for the help!

To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/83567dd9-de80-4be5-bd3c-ac886fc66fafn%40googlegroups.com.

Simon Bennetts

unread,
May 12, 2023, 7:13:01 AM5/12/23
to OWASP ZAP User Group
Good to hear its working for you - thanks for letting us know!
Reply all
Reply to author
Forward
0 new messages