deors / deors-demos-petclinic

The 'classic' Spring Pet Clinic application, updated to work with Tomcat 7+ and Spring 3, with exemplar lifecycle automation configuration

run integration tests with OWASP ZAP proxy enabled #6

Open deors opened 5 years ago

deors commented 5 years ago

In the integration tests stage, add a step to prepare the OWASP ZAP proxy, run failsafe using the proxy to collect information, and publish the vulnerability reports.

deors commented 5 years ago

High-level steps that need to be performed:

1) Before running ITs, stand up OWASP ZAP from a Docker image. We can look into ADOP Java cartridge for inspiration, and adapt that approach to Jenkinsfile.
2) Run ITs using OWASP ZAP proxy, i.e. ensure proxy parameters are passed into the tests and used.
3) Remove the OWASP ZAP container once it is not needed.
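
The three steps from the comment above as a single shell stage. This is an added example, not part of the issue thread or the project's Jenkinsfile. The image name, port, report path, Maven goals, host networking, and the premise that the tests' HTTP client honours Java proxy system properties are all assumptions.

```sh
#!/bin/sh
# Constructed example: image, port, report path and Maven goals are assumptions.
ZAP_IMAGE="${ZAP_IMAGE:-zaproxy/zap-stable}"      # assumed image; pin a digest in CI
ZAP_NAME="${ZAP_NAME:-zap-it-${BUILD_NUMBER:-local}}"
ZAP_PORT="${ZAP_PORT:-8090}"
REPORT="${REPORT:-target/zap-report.html}"
ZAP_API="http://127.0.0.1:${ZAP_PORT}"

# JVM flags for the forked failsafe JVM. nonProxyHosts is emptied because Java
# bypasses the proxy for localhost by default, which would hide IT traffic from ZAP.
failsafe_arg_line() {
  printf '%s' "-Dhttp.proxyHost=$1 -Dhttp.proxyPort=$2 -Dhttp.nonProxyHosts="
}

# Step 1: start ZAP as a daemon on the agent's loopback interface only
# (host networking so "localhost" means the same host for ZAP and the tests).
start_zap() {
  docker run -d --name "$ZAP_NAME" --network host "$ZAP_IMAGE" \
    zap.sh -daemon -host 127.0.0.1 -port "$ZAP_PORT" -config "api.key=$ZAP_KEY"
}

# Poll the API until ZAP answers, giving up after about two minutes.
wait_for_zap() {
  tries=0
  while [ "$tries" -lt 60 ]; do
    curl -fs "$ZAP_API/JSON/core/view/version/?apikey=$ZAP_KEY" >/dev/null && return 0
    tries=$((tries + 1)); sleep 2
  done
  return 1
}

# Step 3: remove the container; called from a trap so it runs on failure too.
stop_zap() { docker rm -f "$ZAP_NAME" >/dev/null 2>&1 || true; }

main() {
  ZAP_KEY=$(openssl rand -hex 16)   # per-build API key instead of disabling it
  trap stop_zap EXIT
  start_zap || return 1
  wait_for_zap || return 1
  # Step 2: run the ITs through the proxy; keep the exit code so the report
  # is still published when tests fail.
  rc=0
  mvn -B failsafe:integration-test failsafe:verify \
    "-DargLine=$(failsafe_arg_line 127.0.0.1 "$ZAP_PORT")" || rc=$?
  mkdir -p "$(dirname "$REPORT")"
  curl -fs "$ZAP_API/OTHER/core/other/htmlreport/?apikey=$ZAP_KEY" -o "$REPORT" || rc=1
  return "$rc"
}

if [ "${1:-}" = "run" ]; then main; fi
```

Saved under a hypothetical name such as `zap-stage.sh`, it would be called as `sh zap-stage.sh run` from a Jenkinsfile `sh` step, with the report file archived afterwards.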