Feedback wanted - what else would you like us to include in reports?

20 views
Skip to first unread message

Simon Bennetts

unread,
Nov 12, 2025, 6:05:42 AM (5 days ago) Nov 12
to ZAP User Group
We are planning on adding "non vulnerability" info to ZAP reports. So things like:
  • High number of authentication failures
  • High number of network failures
  • Total number of end-points found per site and per method
  • ...
What other things would you like us to report on?

Many thanks,

Simon

brown test

unread,
Nov 12, 2025, 7:03:05 AM (5 days ago) Nov 12
to zaprox...@googlegroups.com
Hi Simon, this question comes at an amazing time for me. I am a QA tester so unlike many of the individuals in your forums I'm not a developer but I do work with them :) 
My development team are looking for a few things that would help them have confidence in the reports we are reviewing from the scans.
1. We now recognize that all of the alerts are grouped by the Plugin id.
2. If there is only 1 instance found for an Alert, using the PluginID to customize an Alert so that the comments persist for all new executions would not be a problem if there is only 1 instance or evidence found. However, like this example, the comments we need to add to the Other Info field against the Plugin id would not  apply to the solution for every instance. We need a way to isolate comments so if we could either reference the URL, or the evidence information or a different indicator that gives us the ability to add a comment to the appropriate instance in the Alert that would be great.
3. If I could personally speak with someone that would be great for me because our company is also interested in using Zap to also execute the Attack function and I have been asked to look into doing that. I would also like to know what the difference in the report would look like when doing a passive assessment versus an attack.

Thank you in advance.


image.png

--
ZAP by Checkmarx: https://www.zaproxy.org/
---
You received this message because you are subscribed to the Google Groups "ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/zaproxy-users/4bd45e7e-fb54-47bf-a1fa-e6b46d6b3295n%40googlegroups.com.

brown test

unread,
Nov 12, 2025, 12:00:42 PM (5 days ago) Nov 12
to ZAP User Group
Another instance is when the plugin is not identified for an alert like these
see the attachment

Screenshot 2025-11-12 115952.png

Simon Bennetts

unread,
Nov 12, 2025, 12:20:08 PM (5 days ago) Nov 12
to ZAP User Group
Can you start a new thread for these questions?
I was explicitly asking for feedback on new "non vulnerability" data we can add to our reports.
I think the things you are asking about are not related to that.

Cheers,

Simon
Reply all
Reply to author
Forward
0 new messages