KR Akhil

Reputation: 1017

How to perform ZAP active scan (spider, ajaxspider, websocket and active scan) using Azure CI pipeline without docker or via command prompt

I want to perform a full scan (spider, ajaxspider, websocket and active scan) using the ZAP tool (with or without the ZAP GUI being launched) and generate a report, using a CI pipeline or command prompt commands. So far, I have achieved the following:

1. Full scan using the command below. Issue -> the ZAP tool does not close after completing the scan. The command line is still waiting (as shown in the screenshot below).

Command used - zap.bat -quickurl https://example.com/ -quickprogress -quickout C:/ActualScanReport.html

2. Scan using daemon mode, but it is not performing a full scan. As shown in the command, it is just performing a quick scan, and it is also not quitting the command line.

zap.bat -daemon -quickurl https://juice-shop.herokuapp.com/#/ -quickprogress -quickout C:/TestResults_UIAutomation/ActualZAPReport.html

3. Scan using -cmd, which exits on completion of the task. But it only performs a quick scan and not a complete scan.

zap.bat -cmd -quickurl https://juice-shop.herokuapp.com/#/ -quickprogress -quickout C:/TestResults_UIAutomation/ActualZAPReport.html

Upvotes: 1

Views: 523

Answers (1)

Simon Bennetts

Reputation: 6234

Have a look at the ZAP Automation Framework - it allows you to tell ZAP what to do using a YAML file: https://www.zaproxy.org/docs/automate/automation-framework/

Upvotes: 1
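A sketch of an Automation Framework plan covering the spider, AJAX spider, active scan and report steps from the question, added here as an example and not taken from the answer or the ZAP project. The file name `zap-plan.yaml`, the context name, the duration limits and the target URL are assumptions; it is run with `zap.bat -cmd -autorun zap-plan.yaml`, and WebSocket testing is not covered by this plan.

```yaml
# zap-plan.yaml (hypothetical file name)
# Scan only applications you own or are authorised to test.
env:
  contexts:
    - name: "ci-target"               # assumed context name
      urls:
        - "https://example.com/"      # target URL from the question
  parameters:
    failOnError: true                 # exit non-zero if a job reports an error
    failOnWarning: false
    progressToStdout: true            # show job progress in the pipeline log

jobs:
  # 1. Traditional spider: follows links found in HTML responses
  - type: spider
    parameters:
      context: "ci-target"
      maxDuration: 5                  # minutes (assumed limit)

  # 2. AJAX spider: drives a browser to reach JavaScript-rendered pages
  - type: spiderAjax
    parameters:
      context: "ci-target"
      maxDuration: 10                 # minutes (assumed limit)

  # 3. Let passive scanning finish on everything the spiders found
  - type: passiveScan-wait
    parameters:
      maxDuration: 5                  # minutes (assumed limit)

  # 4. Active scan against the URLs discovered above
  - type: activeScan
    parameters:
      context: "ci-target"
      maxScanDurationInMins: 60       # assumed limit so the CI job cannot run forever

  # 5. HTML report, written to the location used in the question
  - type: report
    parameters:
      template: "traditional-html"
      reportDir: "C:/TestResults_UIAutomation"
      reportFile: "ActualZAPReport.html"
      reportTitle: "ZAP full scan"
```

Because the plan is started with `-cmd`, ZAP runs the jobs in order without the GUI and exits when the last job finishes, so the pipeline step does not hang.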
