OWASP Zed Attack Proxy Scan - Azure DevOps


Ryan Partridge

May 31, 2021, 4:58:47 PM
to OWASP ZAP User Group
Hi,

I'm trying to get set up with the OWASP Zap Scan proxy in Azure Dev Ops. Everyone seems to use the docker container version for automation, but I'm able to set up a pipeline to run the scan from my desktop version that I've got set up. What I'm now trying to figure out is how to save the reports generated after the scan once it completes. I've specified the report location in the agent job, but when I check that location once the task completes, the folder is empty. Any help is appreciated.

Simon Bennetts

Jun 1, 2021, 4:31:26 AM
to OWASP ZAP User Group
Hi Ryan,

The recommended ways to automate ZAP are listed here: https://www.zaproxy.org/docs/automate/
Re the report issue - how are you generating the report?
Are there any errors in the zap.log file?

Cheers,

Simon

Ryan Partridge

Jun 1, 2021, 8:38:22 AM
to OWASP ZAP User Group
The scan completes, and I can go in manually and save the report if I log on to the machine hosting the service, but the pipeline is supposed to save the html report per the config:
[Attached image: OWASP Report Config.PNG]

Simon Bennetts

Jun 1, 2021, 9:26:46 AM
to OWASP ZAP User Group
The OWASP ZAP Scanner on Azure DevOps was published by CSE-DevOps and has no direct connection to the ZAP team.
You will need to get in touch with them about that.

Cheers,

Simon