Only arm64 images available

[twartonick]

Using Microsoft Hosted Azure agent ubuntu-latest getting following error:

Status: Downloaded newer image for owasp/zap2docker-stable:latest WARNING: The requested image's platform (linux/arm64) does not match the detected host platform (linux/amd64/v4) and no specific platform was requested exec /zap/zap-full-scan.py: exec format error

When I go to https://hub.docker.com/r/owasp/zap2docker-stable/tags?page=&page_size=&name=&ordering=last_updated I see only arm64 images, did stop building amd64 images? I have many, many pipelines that use the scanner and this will be close to breaking lots o' things.

edit: I did find that there is a owasp/zap2docker-bare that is amd64 image, and I tried to pin the image using "inputs: version: "owasp/zap2docker-bare:latest" in the task inputs, but it still grabbed the arm64 version (stable-latest), is there a way to specify which image to download/use in the task?

pipeline code:

• task: owaspzap@1 displayName: 'ZAP Scanner' continueOnError: true inputs: aggressivemode: ${{ parameters.agressiveMode }} threshold: ${{ parameters.threshold }} scantype: targetedScan url: ${{ parameters.url }} port: 443

Thank you in advance for any help!

[superjulius]

There is no way to specify the image to use :-(

And ZAP announced that they were moving away from OWASP organization and the official ZAP Docker images are now published to the Software Security Project Docker Hub Organisation

Can we expect an update of the very useful DevOps task ?

Or do we need to plan and move to something else?

See also https://github.com/zaproxy/zaproxy/issues/8440

[twartonick]

Here's my work-around/replacement, bash to the rescue as always, hope someone finds it useful...

Test owasp task replacement

jobs:

• job: Build_Run_ZAP_Container displayName: 'Install and Run ZAP' pool: vmImage: 'ubuntu-latest'

  steps:

  - checkout: none

  • task: bash@3 displayName : 'Run ZAP' inputs: targetType: 'inline' script: | echo "#### Get the latest ZAP docker image ####" echo "############################################"

    docker pull softwaresecurityproject/zap-stable:latest

    echo "##### Set up some stuff #######" echo "###############################" /usr/bin/id -u root /usr/bin/mkdir -v -p /home/vsts/work/1/s/zap /usr/bin/chmod 777 /home/vsts/work/1/s/zap

    echo "Check whats in the dir tree" echo "###############################"

    pwd ls -ahl /home/vsts/work/1/s

    echo "####### RUN The SCAN #######" /usr/bin/docker --debug run -u 0 -v /home/vsts/work/1/s/zap:/zap/wrk/:rw softwaresecurityproject/zap-stable zap-full-scan.py -t https://dev-some-websiteapp1.azurewebsites.net:443 -J report.json -r report.html

[ghs]

Would be easier to have the task giving the possibility to specify which image to use...