zaproxy / zaproxy

The ZAP by Checkmarx Core project
https://www.zaproxy.org
Apache License 2.0

Add sarif report generation when using zap full scan script #8148

Closed megalucio closed 5 months ago

megalucio commented 1 year ago

Is your feature request related to a problem? Please describe.

I was able to generate a sarif report directly in the tool in the reports section. However, this option is not available when we run as a full scan as per here and also can be seen in the code. Only a json report is possible.

Describe the solution you'd like

When using this functionality, it would be nice if a sarif report could also be generated.

Describe alternatives you've considered

Generate the report manually in the tool or using the API but then it gets much more complicated. This seems to work as well https://github.com/SvanBoxel/zaproxy-to-ghas

Screenshots

No response

Additional context

No response

Would you like to help fix this issue?

thc202 commented 1 year ago

See https://github.com/zaproxy/zaproxy/pull/8005#issuecomment-1676468723

psiinon commented 5 months ago

Closing because we do not want to keep adding more and more options to the packaged scans. The automation framework is the way to go; it already supports all of the reports, not just the sarif one. It can also be run from the command line as well as in docker.
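An Automation Framework plan that approximates the packaged full scan and writes a SARIF report, added here as an illustration (not part of the thread and not the project's own plan). The context name, target URL, durations, and output paths are placeholders; `sarif-json` is assumed to be the SARIF template id provided by the installed reports add-on.

```yaml
# Constructed example plan. Context name, target URL, durations and
# report paths are placeholders to be replaced for a real run.
env:
  contexts:
    - name: "example-context"
      urls:
        - "https://example.com"
  parameters:
    failOnError: true        # stop the plan if a job reports an error
    failOnWarning: false
    progressToStdout: true   # useful in CI logs

jobs:
  # Crawl the target, as the packaged full scan does first.
  - type: spider
    parameters:
      context: "example-context"
      maxDuration: 5         # minutes

  # Let the passive scanner finish processing the crawled responses.
  - type: passiveScan-wait
    parameters:
      maxDuration: 10        # minutes

  # Active scan of everything found in the context.
  - type: activeScan
    parameters:
      context: "example-context"
      maxScanDurationInMins: 60

  # SARIF output for code-scanning dashboards.
  - type: report
    parameters:
      template: "sarif-json"        # assumed SARIF template id
      reportDir: "/zap/wrk"
      reportFile: "zap-sarif-report"

  # A second report job keeps the JSON output the packaged scan produces.
  - type: report
    parameters:
      template: "traditional-json"
      reportDir: "/zap/wrk"
      reportFile: "zap-json-report"
```

The plan is run with `zap.sh -cmd -autorun <path-to-plan>`, either locally or inside the ZAP docker image with the plan's directory mounted at `/zap/wrk`.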

github-actions[bot] commented 2 months ago

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.