Separate report for each URL
81 views
Skip to first unread message
Rob
Jun 23, 2025, 6:51:52 PM6/23/25
to ZAP User Group
Hello,
I'm able to run a Quick Start with baseline scan and generate a report from each scan. I'm trying to use the automation to scan multiple sites and generate a report for each site. When I run through the automation now, all my sites are generated on 1 report.
I've also tried running in Docker and modifying the zap.yaml however, it is only picking up the last URL My zap.yaml
I can't attach the yaml so here's the content.
Thanks.
env:
contexts:
- excludePaths: []
name: baseline
urls:
parameters:
failOnError: false
progressToStdout: false
jobs:
- parameters:
enableTags: false
maxAlertsPerRule: 10
type: passiveScan-config
- parameters:
maxDuration: 1
urls: https://example1.com
type: spider
- parameters:
maxDuration: 0
type: passiveScan-wait
- parameters:
format: Long
summaryFile: /home/zap/zap_out.json
rules: []
type: outputSummary
- parameters:
reportDescription: ''
reportDir: /zap/wrk/
reportFile: example1.com.html
reportTitle: ZAP Scanning Report
template: traditional-html
type: report
contexts:
- excludePaths: []
name: baseline
urls:
parameters:
failOnError: true
progressToStdout: false
- parameters:
enableTags: false
maxAlertsPerRule: 10
type: passiveScan-config
- parameters:
maxDuration: 1
urls: https://example2.com
type: spider
- parameters:
maxDuration: 0
type: passiveScan-wait
- parameters:
format: Long
summaryFile: /home/zap/zap_out.json
rules: []
type: outputSummary
- parameters:
reportDescription: ''
reportDir: /zap/wrk/
reportFile: example2.com.html
reportTitle: ZAP Scanning Report
template: traditional-html
type: report
Simon Bennetts
Jun 24, 2025, 6:06:51 AM6/24/25
to ZAP User Group
Hiya,
That is not a valid plan.
ZAP currently only supports one env section, which must be at the start and contain all of the contexts. The contexts you have defined later in the plan will be ignored.
If you want to scan multiple sites I'd recommend using one plan for each one - it can be the same plan but using env vars for the target.
Cheers,
Simon
Rob
Jun 25, 2025, 9:52:40 PM6/25/25
to ZAP User Group
Hello,
I've been trying to get the environment variable going. This is what I have so far but it's not working. I do need some help.
Here's what I have in my zap.yaml.
env:
contexts:
- excludePaths: []
name: baseline
urls:
- TARGET_URL: {{TARGET_URL}}
parameters:
failOnError: false
progressToStdout: false
jobs:
- parameters:
enableTags: false
maxAlertsPerRule: 10
type: passiveScan-config
- parameters:
maxDuration: 1
urls: ${Target_URL}
type: spider
- parameters:
maxDuration: 0
type: passiveScan-wait
- parameters:
format: Long
summaryFile: /home/zap/zap_out.json
rules: []
type: outputSummary
- parameters:
reportDescription: ''
reportDir: /zap/wrk/reports
reportFile: ${Target_URL}.html
reportTitle: ZAP Baseline Scanning Report
template: traditional-html
type: report
Here's the bash script.
#!/bin/bash
# List of URLs to scan
URLS=(
)
# File paths
TEMPLATE_FILE="zap.yaml"
GENERATED_FILE="zap-current.yaml"
REPORT_DIR="$(pwd)/reports"
# Create reports directory
mkdir -p "$REPORT_DIR"
for url in "${URLS[@]}"; do
echo "Scanning: $url"
# Sanitize URL to a safe file name (e.g., example1_com.html)
safe_name=$(echo "$url" | sed -E 's|https?://||; s|/|_|g; s|[^a-zA-Z0-9_]|_|g')
report_file="${safe_name}.html"
# Replace placeholders in YAML
sed \
-e "s|{{TARGET_URL}}|$url|g" \
-e "s|{{REPORT_FILENAME}}|$report_file|g" \
"$TEMPLATE_FILE" > "$GENERATED_FILE"
echo "Generated YAML:"
cat "$GENERATED_FILE"
# Run ZAP scan via Docker
docker container run --rm -v "$(pwd)":/zap/wrk/:rw -t zaproxy/zap-weekly zap.sh -cmd -autorun /zap/wrk/$GENERATED_FILE
echo "Report saved: reports/$report_file"
echo "----------------------------------------"
done
# Cleanup
rm -f "$GENERATED_FILE"
Rob
Jun 26, 2025, 2:01:06 PM6/26/25
to ZAP User Group
Figured it out. Some case issues in my yaml.
Thank you.
Simon Bennetts
Jul 1, 2025, 10:56:14 AM7/1/25
to ZAP User Group
Thanks for letting us know!
Simon
Reply all
Reply to author
Forward
0 new messages