search

zaproxy / zaproxy

The ZAP core project
https://www.zaproxy.org
Apache License 2.0
12.22k stars 2.21k forks source link

Latest owasp/zap2docker-weekly Image Missing `linux/amd64` Build #8440

Closed mike-weiner closed 2 months ago

mike-weiner commented 2 months ago

Describe the bug

The latest owasp/zap2docker-weekly image appears to not have an amd64 image built. Could the linux/amd64 image get rebuilt and published?

Steps to reproduce the behavior

  1. Visit https://hub.docker.com/r/owasp/zap2docker-weekly/tags
  2. No linux/amd64 tag listed.

Expected behavior

I would expect to have a linux/amd64 tag built and available to download.

Software versions

N/A

Screenshots

Screenshot 2024-04-11 at 2 02 49 PM

Errors from the zap.log file

No response

Additional context

No response

Would you like to help fix this issue?

JohnStarich commented 2 months ago

Interestingly, it also looks like there's only a single tagged release – no other version.

thc202 commented 2 months ago

OWASP ZAP Docker images are no more, this should not be news: https://www.zaproxy.org/blog/2023-08-01-zap-is-joining-the-software-security-project/#docker-hub https://www.zaproxy.org/blog/2023-10-12-zap-2-14-0/#rebranding-and-docker-hub-move

(And many more posts in the user group and other places.)

For images that should be used: https://www.zaproxy.org/docs/docker/about/#install-instructions

kingthorin commented 2 months ago

Please refer to: https://www.zaproxy.org/download/#docker

As ZAP is no longer an OWASP project the images are moving away from the OWASP Docker org and will soon no longer be available there.

The images published today/this week are still a work in progress.

JohnStarich commented 2 months ago

Thanks @thc202. Somehow we missed the announcements.

It was a bit surprising to see previously existing image tags disappear (or drop amd64 on latest), which broke our builds. We'll update accordingly.

nejch commented 1 month ago

I'm not sure if the actual deletions were done on the OWASP side or by the zaproxy team, but just wanted to add that while moving new image deployments and tags totally makes sense to me, I find it strange to actually delete old tagged images from the previous namespace rather than keeping previous releases.

At least this is how I've always seen migrations (even between different registries) done in other projects. People generally pin tagged image versions and digests with the expectation that they are immutable.