mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.
https://mercedes-benz.github.io/sechub/
MIT License
268 stars 65 forks

OWASP ZAP Show Rule Applied #1518

Open Jeeppler opened 2 years ago

Jeeppler commented 2 years ago

Problem

At the moment it is not possible to see the rule OWASP ZAP is currently testing the page with.

Solution

Log what rule OWASP ZAP is using currently to scan the page (URL). For example:

scanning: my.page.example.org/
applying: 6_path_traversal
applying: 40018_sql_injection
…

In addition, one could log the time it takes to apply each rule.

Jeeppler commented 2 years ago

First, have a look at whether there is a way using the API, and have a look at: https://github.com/zaproxy/zaproxy/issues
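One way the log lines proposed in this issue could be derived from polled scan progress, as an added example that is not part of the original issue or of SecHub's code. It assumes snapshots shaped like the output of ZAP's active scan `scanProgress` API view (a host string followed by a `HostProcess` list of `Plugin` arrays holding name, id, quality, status and elapsed milliseconds, with status being `Pending`, a percentage or `Complete`); the class name, the `finished:` line and the sample snapshots are constructed for illustration.

```python
import re

def slug(plugin_id, name):
    """Build '<id>_<name>' as in the issue's example, e.g. 6_path_traversal."""
    return f"{plugin_id}_" + re.sub(r"[^a-z0-9]+", "_", name.lower()).strip("_")

class RuleProgressLogger:
    """Diffs consecutive progress snapshots and returns only new log lines."""

    def __init__(self):
        self.hosts = set()
        self.state = {}  # (host, plugin id) -> last status seen

    def update(self, snapshot):
        lines = []
        items = snapshot.get("scanProgress", [])
        # Assumed layout: host string and its {"HostProcess": [...]} alternate.
        for host, proc in zip(items[0::2], items[1::2]):
            if host not in self.hosts:
                self.hosts.add(host)
                lines.append(f"scanning: {host}")
            for entry in proc.get("HostProcess", []):
                name, pid, _quality, status, time_ms = entry["Plugin"][:5]
                prev = self.state.get((host, pid), "Pending")
                if status == prev:
                    continue  # nothing new for this rule since the last poll
                self.state[(host, pid)] = status
                if prev == "Pending":
                    lines.append(f"applying: {slug(pid, name)}")
                if status == "Complete":
                    # Elapsed time covers the issue's "log the time" request.
                    lines.append(f"finished: {slug(pid, name)} ({time_ms} ms)")
        return lines

# Constructed sample snapshots (not captured from a real scan).
POLL_1 = {"scanProgress": ["my.page.example.org/", {"HostProcess": [
    {"Plugin": ["Path Traversal", "6", "release", "40%", "1200", "31", "0"]},
    {"Plugin": ["SQL Injection", "40018", "release", "Pending", "0", "0", "0"]},
]}]}
POLL_2 = {"scanProgress": ["my.page.example.org/", {"HostProcess": [
    {"Plugin": ["Path Traversal", "6", "release", "Complete", "2950", "74", "0"]},
    {"Plugin": ["SQL Injection", "40018", "release", "10%", "300", "8", "0"]},
]}]}

if __name__ == "__main__":
    logger = RuleProgressLogger()
    for poll in (POLL_1, POLL_2):
        print("\n".join(logger.update(poll)))
```

Because state is kept between polls, a rule that goes from `Pending` straight to `Complete` between two snapshots still gets both its `applying:` and `finished:` lines.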