microsoft / CSEDevOps

Azure DevOps extensions from CSE DevOps team
MIT License

Unable to scan an App Service from Azure #31

Open luiz1919 opened 2 years ago

luiz1919 commented 2 years ago

I am trying to deploy a new App Service from code, and then run a scan over that specific website, such as "https://$(appServiceName).azurewebsites.net".

For some reason I still don't understand, the scan completes, but the report generation fails to create a valid results file, so when the task for publishing comes, I get "No Result Found to Publish '/home/vsts/work/1/s/owaspzap/test-results.xml'."

The code used is the same as the marketplace page defines for the tool.

[Image: scanOK]

Here you can see the output of the generation. A strange thing is that the name seems to be trimmed out at the beginning, there is no "https:".

[Image: reportGenerationFailed]

Any help here?

luiz1919 commented 2 years ago

It seems that the report.json that the scan generates is, for some reason, messed up. There is no "https" anywhere in the URL, and also the alerts are not present when clearly they were found and shown in the scan step.

{
    "@version": "2.11.1",
    "@generated": "Tue, 12 Apr 2022 10:05:10",
    "site":[ 
        {
            "@name": "//vulnerableWebAppServiceUB.azurewebsites.net",
            "@host": "//vulnerableWebAppServiceUB.azurewebsites.net",
            "@port": "443",
            "@ssl": "false",
            "alerts": [ 
            ]
        }
    ]
}
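
A pre-publish sanity check for the symptoms described in the comment above, as an added example that is not part of the original thread or of the extension's code. It assumes the ZAP JSON report layout shown above; the function name `check_zap_report` and the sample "good" report are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Report text as posted in the comment above.
POSTED_REPORT = """{"@version": "2.11.1", "@generated": "Tue, 12 Apr 2022 10:05:10",
 "site": [{"@name": "//vulnerableWebAppServiceUB.azurewebsites.net",
           "@host": "//vulnerableWebAppServiceUB.azurewebsites.net",
           "@port": "443", "@ssl": "false", "alerts": []}]}"""

# Constructed sample of a report that passes every check.
GOOD_REPORT = """{"site": [{"@name": "https://example.azurewebsites.net",
 "@host": "example.azurewebsites.net", "@port": "443", "@ssl": "true",
 "alerts": [{"alert": "constructed sample alert"}]}]}"""


def check_zap_report(report_text, target_url):
    """Return a list of problems found in a ZAP JSON report ([] means it looks sane)."""
    try:
        report = json.loads(report_text)
    except json.JSONDecodeError as exc:
        return [f"report is not valid JSON: {exc}"]

    target = urlsplit(target_url)
    sites = report.get("site") or []
    if isinstance(sites, dict):          # tolerate a single site object
        sites = [sites]
    problems = [] if sites else ["report contains no site entries"]

    for site in sites:
        name = site.get("@name", "")
        parsed = urlsplit(name)
        if not parsed.scheme:
            problems.append(f"site name {name!r} has no URL scheme")
        if (parsed.hostname or "") != (target.hostname or ""):
            problems.append(f"site name {name!r} does not match target {target.hostname!r}")
        if target.scheme == "https" and site.get("@ssl") != "true":
            problems.append(f"target is https but @ssl is {site.get('@ssl')!r}")
        # Empty alerts can be legitimate, but not when the scan step printed findings.
        if not site.get("alerts"):
            problems.append(f"site {name!r} has an empty alerts list")
    return problems


if __name__ == "__main__":
    for line in check_zap_report(POSTED_REPORT, "https://vulnerableWebAppServiceUB.azurewebsites.net"):
        print("WARN:", line)
```

Run as a pipeline step before the publish task, a non-empty result points at the report itself rather than at the later conversion to test-results.xml.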

QuentinBeeckmans commented 1 year ago

Did you find any solution? I have nearly the same problem. In my case:

2022-11-30 11:21:37,096 Failed to access summary file /home/zap/zap_out.json
Using the Automation Framework
Automation plan failures:
    Job spider failed to access URL https://appmonitoringstoragemanager.azurewebsites.net:443 : Read timed out

The scan doesn't complete in my case.

luiz1919 commented 1 year ago

To be honest I have not, this will remain a mystery for me...

QuentinBeeckmans commented 1 year ago

It seems to be only an error when I target an Azure website. Do you have another free tool to recommend? It's for an end-of-school project.