Commit 3e8e502a authored by FulcrandG's avatar FulcrandG
Browse files

Using zap-full-scan.py instead of zap-cli

parent 4e103dbe
Loading
Loading
Loading
Loading
+1 −1
Original line number Diff line number Diff line
@@ -37,6 +37,6 @@ use it as a service (we reccomend using our [Docker](https://hub.go2scale.io/job

| Name | Description | Default |
| ---- | ----------- | ------- |
| `ZAP_SCANNERS` <img width=100/> | A comma-spearated list of scanners to use <img width=175/>| ` ` <img width=100/>|
| `ZAP_OPTIONS` <img width=100/> | ZAP command line options e.g. `-z "-config aaa=bbb -config ccc=ddd"` <img width=175/>| ` ` <img width=100/>|
| `ZAP_CONTEXT` | Path for the context file for authenticated scans | ` ` |
| `ZAP_TARGET` | Target for zaproxy to scan, default using alias of the docker image used as a service | `http://app` |
+7 −8
Original line number Diff line number Diff line
@@ -5,25 +5,24 @@ zaproxy:
    image: owasp/zap2docker-stable:2.9.0
    stage: dynamic_tests
    variables:
      ZAP_SCANNERS: ""
      ZAP_OPTIONS: ""
      ZAP_CONTEXT: ""
      ZAP_TARGET: "http://app"
    script:
      - if [ ! -z ${ZAP_CONTEXT} ]; then
      -   zap-cli context import ${ZAP_CONTEXT}
      -   if [ ! -z ${ZAP_SCANNERS}]; then
      -     zap-cli quick-scan -s ${ZAP_SCANNERS} --context-name ${ZAP_CONTEXT} --start-options '-config api.disablekey=true' ${ZAP_TARGET}
      -   if [ ! -z ${ZAP_OPTIONS}]; then
      -     python zap-full-scan.py -n ${ZAP_CONTEXT} -z ${ZAP_OPTIONS} -t ${ZAP_TARGET} -r zap-report.html
      -   else
      -     zap-cli quick-scan --context-name ${ZAP_CONTEXT} --start-options '-config api.disablekey=true' ${ZAP_TARGET}
      -     python zap-full-scan.py -n ${ZAP_CONTEXT} -t ${ZAP_TARGET} -r zap-report.html
      -   fi
      - else
      -   if [ ! -z ${ZAP_SCANNERS}]; then
      -     zap-cli quick-scan -s $ {ZAP_SCANNERS} --start-options '-config api.disablekey=true' ${ZAP_TARGET} 
      -   if [ ! -z ${ZAP_OPTIONS}]; then
      -     python zap-full-scan.py -z ${ZAP_OPTIONS} -t ${ZAP_TARGET} -r zap-report.html
      -   else
      -     zap-cli quick-scan --start-options '-config api.disablekey=true' ${ZAP_TARGET}
      -     python zap-full-scan.py -t ${ZAP_TARGET} -r zap-report.html
      -   fi
      - fi
      - zap-cli report -o zap-report.html -f html
    artifacts:
      expose_as: "Zaproxy scan report"
      paths: