We have
been running the Zap Scan on our application (microservices APIs) via the gitlab pipeline. Off late the time taken for zap to complete has increased tremendously.
We need help to resolve this as we are unable to generate any VA reports for
assessment of new APIs being offered.
The steps we take to execute the zap scan are as under:
1. We build our application docker images
2. We run start up the zap docker image
3. Subsequently, we start the application in a separate minikube VM and configure the zap proxy details and run our FT regression test suite with proxy enabled for zaproxy.
4. This allows zap to collect all the URLs. At present we have around 251 URLs that serve as end points
5. After the URLs have been collected we run the active scan on these URLS.
6. It has been our observation that even after 20 hours only 33% scan is completed