API authentication when running Zap in headless docker


Neil Watson

Jul 18, 2018, 9:50:23 AM
to OWASP ZAP User Group
Greetings,

I'm running the Zap docker image in a Jenkins job for CI/CD like this:

docker run -t owasp/zap2docker-weekly zap-baseline.py -t $url

and this:

docker run -t owasp/zap2docker-weekly zap-api-scan.py -t $url -f openapi

Suppose the target URL needs a user/password or an authentication token, how can those be included in the above commands?

Simon Bennetts

Jul 18, 2018, 9:56:59 AM
to OWASP ZAP User Group
We usually recommend that people configure the ZAP Desktop to get authentication working, and then convert that to ZAP configs and pass them into the docker image.
However I've just noticed https://github.com/ICTU/zap-baseline - it looks like GitLab is using this as well https://gitlab.com/gitlab-org/zap-baseline
Not tried it myself, but it might be worth a play.
If you do then please report back whether it worked or not.

Cheers,

Simon
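
One way to pass a token as ZAP configs through the scan scripts' -z option, using the Replacer add-on to add a request header to every request (an added example, not part of the original thread; it covers header/token authentication only, and the function names and the ZAP_AUTH_HEADER / ZAP_AUTH_VALUE variables are assumptions):

```shell
#!/bin/sh
# Added example: build the "-config" options that make ZAP's Replacer add-on
# attach an auth header to every request, then hand them to zap-baseline.py
# through its -z option. ZAP_AUTH_HEADER and ZAP_AUTH_VALUE are hypothetical
# variable names, e.g. injected by a Jenkins credentials binding instead of
# being written into the job definition.

# Print the -config string for one request-header rule, or fail.
zap_auth_config() {
    header=$1
    value=$2
    # Header name: letters, digits and hyphen only.
    case $header in
        ''|*[!A-Za-z0-9-]*) echo "bad header name" >&2; return 1 ;;
    esac
    # The -z argument is one whitespace-separated option string, so this
    # example only accepts values without whitespace or quoting characters.
    case $value in
        ''|*[!A-Za-z0-9._~+/=-]*) echo "unsupported header value" >&2; return 1 ;;
    esac
    r='replacer.full_list(0)'
    printf '%s ' \
        "-config $r.description=ci-auth" \
        "-config $r.enabled=true" \
        "-config $r.matchtype=REQ_HEADER" \
        "-config $r.matchstr=$header" \
        "-config $r.regex=false"
    printf '%s\n' "-config $r.replacement=$value"
}

# Run the baseline scan from the original post with the auth header added.
# Refuses to start the scan if the credential variables are unset or invalid.
run_zap_baseline() {
    url=$1
    opts=$(zap_auth_config "$ZAP_AUTH_HEADER" "$ZAP_AUTH_VALUE") || return 1
    docker run -t owasp/zap2docker-weekly zap-baseline.py -t "$url" -z "$opts"
}

# Usage in the Jenkins shell step (after the credentials are bound):
#   run_zap_baseline "$url"
```

The header value ends up on the docker command line on the build agent, so a short-lived, scan-only credential is the safer choice for this job.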