Closed freddidierRTE closed 9 months ago
The ZAP version used was the stable docker.
Automated Scans :
docker run -t owasp/zap2docker-stable zap-full-scan.py -t http://<localhostIP>:2002
or the webswing interface (see https://www.zaproxy.org/docs/docker/webswing/)
Manual Explore :
Can only be launched from the webswing interface
To do so, type
docker run -v zap/:/home/zap/ -u zap -p 8080:8080 -p 8090:8090 -i owasp/zap2docker-stable zap-webswing.sh
and in the "URL to explore" field type the IP given by $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
(the localhost IP will not work, see: https://www.zaproxy.org/docs/docker/about/#scanning-an-app-running-on-the-host-os )
Unfortunately, manual explore does not seem to scan all the requests between the front and the back, but only scans project files when looking for vulnerabilities
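The comment above relies on the docker0 bridge address because, from inside the ZAP container, localhost is the container's own loopback, not the host. The script below is an added example written for this thread; it is not code from the issue author or from the ZAP project. It parses the docker0 address the same way as the `ip ... | awk | cut` pipeline, refuses loopback targets before the scan is launched, and builds the zap-full-scan.py invocation. The port 2002, the bridge name docker0, the report file name and the `zap-report.html` / `/zap/wrk` mount are assumptions taken from the thread and from ZAP's documented Docker usage; the sample `ip -o addr` line is constructed.

```shell
#!/bin/sh
# Added example, not the issue author's or ZAP's own script.
# Resolve the host-side IP that a ZAP container can reach, refuse loopback
# targets (unreachable from inside the container), and build the scan command.

# Parse the IPv4 address out of one line of `ip -f inet -o addr show docker0`.
# Constructed sample input:
# "5: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever"
docker0_ip_from_line() {
    printf '%s\n' "$1" | awk '{print $4}' | cut -d '/' -f 1
}

# Live lookup of the docker0 bridge address (empty if the bridge is absent).
docker0_ip() {
    docker0_ip_from_line "$(ip -f inet -o addr show docker0 2>/dev/null)"
}

# Build http://<host>:<port>; fail on loopback or a malformed port so the
# scan is never pointed at the container's own loopback by mistake.
zap_target_url() {
    host="$1"
    port="$2"
    case "$host" in
        ""|localhost|127.*|::1|0.0.0.0)
            echo "refusing target '$host': inside the container this is ZAP's own loopback, not the host" >&2
            return 1
            ;;
    esac
    case "$port" in
        ""|*[!0-9]*)
            echo "invalid port '$port'" >&2
            return 1
            ;;
    esac
    printf 'http://%s:%s\n' "$host" "$port"
}

# Run the full scan against the app listening on the host (default port 2002,
# as in the thread). The current directory is mounted on /zap/wrk so the
# HTML report written with -r lands on the host.
run_full_scan() {
    target="$(zap_target_url "$(docker0_ip)" "${1:-2002}")" || return 1
    docker run --rm -t -v "$(pwd)":/zap/wrk:rw owasp/zap2docker-stable \
        zap-full-scan.py -t "$target" -r zap-report.html
}

# Usage: ./zap-host-scan.sh --run 2002   (hypothetical file name)
if [ "${1:-}" = "--run" ]; then
    run_full_scan "$2"
fi
```

If the scan must go through a proxy-aware browser session rather than the spider, the same `zap_target_url` check applies to the address typed into the webswing "URL to explore" field: anything matching the loopback cases above will not reach the host application.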
too old issue
This is a requirement for the infrastructure best practice badge. Try https://www.zaproxy.org/ : first test was KO, it does not support our HTTP polling mechanism --> has to be tested with the add-on https://www.zaproxy.org/docs/desktop/addons/server-sent-events/
Other solutions :