owasp-zap-vsts-task | Visual Studio Team Services build/release task | Continuous Deployment library
kandi X-RAY | owasp-zap-vsts-task Summary
kandi X-RAY | owasp-zap-vsts-task Summary
Visual Studio Team Services build/release task for running OWASP ZAP automated security tests
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of owasp-zap-vsts-task
owasp-zap-vsts-task Key Features
owasp-zap-vsts-task Examples and Code Snippets
Community Discussions
Trending Discussions on owasp-zap-vsts-task
QUESTION
I set an Azure devops CI/CD build that will start a vm where Owasp Zap is running as a proxy and where the Owasp zap Azure devops task will run on a target url and copy my report in an Azure Storage.
Followed this guy's beautiful tutorial: https://kasunkodagoda.com/2017/09/03/introducing-owasp-zed-attack-proxy-task-for-visual-studio-team-services/ (also the guy who created the Azure devops task)
All well and good but recently I wanted to use an REST Api as a target url. The Owasp zap task in azure devops doesn't have the ability. Even asked the creator (https://github.com/kasunkv/owasp-zap-vsts-task/issues/30#issuecomment-452258621) and he also didn't think this is available through the Azure devops task and only through docker.
On my next quest I am now trying to get it running inside a docker image. (Firstly inside Azure devops but that wasn't smooth https://github.com/zaproxy/zaproxy/issues/5176 ) And finally getting on this tutorial (https://zaproxy.blogspot.com/2017/06/scanning-apis-with-zap.html)
Where I am trying to run a docker image with the following steps:
--- docker pull owasp/zap2docker-weekly
--running the container
-------command : docker run -v ${pwd}:/zap/wrk/:rw -t owasp/zap2docker-weekly zap-api-scan.py -t https://apiurl/api.json -f openapi -z "-configfile /zap/wrk/options.prop
"
ANSWER
Answered 2019-Jan-17 at 17:50Firstly, your property file format is wrong. You only need the '-config' and '\'s if you set the options directly on the command line. In the property file you should have:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install owasp-zap-vsts-task
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page