Disabling login/credentials screen for ZAP tool


Vaibhav Badave

Feb 17, 2025, 5:50:25 AM
to ZAP User Group
Hello Team,

Greetings!

Recently, I deployed the ZAP tool on Kubernetes. I followed the official documentation. I want to deploy the ZAP tool as a web-based app, hence I used the below image, which is based on Webswing,


The application got deployed and the URL is working fine (private route), but it is showing a login page/credentials screen, which I want to skip so that I see the main dashboard screen. Can we do that? Screenshot attached. Please suggest.
Manifest snippet:
ports:
          - containerPort: 8080
            name: web
            protocol: http
            servicePort: 8080
Dockerfile
FROM ghcr.io/zaproxy/zaproxy:stable
USER zap
EXPOSE 8080
EXPOSE 8090
CMD ["zap-webswing.sh"] 

regards,
Vaibhav. 
zap.png

Simon Bennetts

Feb 19, 2025, 11:37:15 AM
to ZAP User Group
Hi Vaibhav,

If you can just "skip" that screen then your application authentication would be broken, wouldn't it?
If you can disable authentication (in a safe test environment) then that is a good idea, but whether or not you can do that will depend on your app, not ZAP.
Failing that you will need to configure ZAP to handle authentication - see https://www.zaproxy.org/docs/authentication/

Cheers,

Simon

Vaibhav Badave

Feb 20, 2025, 7:23:49 AM
to ZAP User Group
Hello Simon,

Greetings and thank you for your reply...

Basically I am from the DevOps team and want to deploy the web-based ZAP tool for the QA team. They are using the ZAP tool as a desktop app and want to use it as a web-based app. Hence I am deploying using the below image. The attached screenshot in the previous email is the URL for the web-based ZAP tool. Could you please suggest how to disable the authentication screen? Or is there no mechanism for the same? I used the below ENV vars in the Dockerfile but it did not help.

Image
 ghcr.io/zaproxy/zaproxy:stable
# Add environment variables to disable authentication
ENV ZAP_AUTH_HEADER_VALUE=""
ENV ZAP_AUTH_HEADER=""
ENV ZAP_AUTH_HEADER_SITE=""

Is there any sample Dockerfile for same?

regards,
Vaibhav. 

Simon Bennetts

Feb 20, 2025, 12:19:04 PM
to ZAP User Group
Hi Vaibhav,

That screenshot has nothing to do with ZAP, I know nothing about it.
You'll have to talk to whoever maintains this app.

If you need to handle authentication then see https://www.zaproxy.org/docs/authentication/ - just setting empty env vars won't help.

Cheers,

Simon

19CEF012 ARUN R

Sep 25, 2025, 3:58:23 AM
to ZAP User Group
Hi Vaibhav, may I know how you resolved it?

Thanks in advance.