Using Zap with Docker

Akira

unread,

May 26, 2023, 12:52:12 PM5/26/23

to OWASP ZAP User Group

Hi all,

I'm attempting to automate an authenticated scan using Zap and Docker. I am using the most recent stable build of Docker. When I run my scan using `docker run --rm -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/secret.zap.yaml`,

I am receiving the following warning messages:

Automation plan warnings:

Unrecognised parameter for job authentication : loginPageUrl

Unrecognised parameter for job authentication : loginRequestUrl

Unrecognised parameter for job authentication : sessionManagement

Unrecognised parameter for job alertFilter : deleteGlobalAlerts

Can someone take a look at my yaml file (attached - I've replaced the actual URLs I'm scanning with 'example.com') and let me know if you see anything missing?

Thanks!

help.zap.yaml

Simon Bennetts

unread,

May 26, 2023, 12:56:50 PM5/26/23

to OWASP ZAP User Group

Can you try again but this time using the image "owasp/zap2docker-live"

This could be a known issue, so just checking for that.

Cheers,

Simon

Akira

unread,

May 30, 2023, 11:16:01 AM5/30/23

to OWASP ZAP User Group

Hello Simon!

I did use the image you suggested, but unfortunately, was greeted with the same error message. Is there other information I can provide that would prove useful to solving this query?

Akira

Akira

unread,

May 30, 2023, 3:59:55 PM5/30/23

to OWASP ZAP User Group

I got it sorted by adjusting the yaml file for correct spacing. Thank you!

psiinon

unread,

May 31, 2023, 4:04:14 AM5/31/23

to zaprox...@googlegroups.com

Thanks for letting us know!

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/fb9d5e03-5946-4796-a88d-121db59b1856n%40googlegroups.com.