Comments (9)
For my two cents: If you want more flexibility use an automation mechanism that's built for more flexibility like the API or automation framework.
That is the workaround, and tbh the recommended approach.
from zaproxy.
Just discussed this in IRC.
This can be achieved in docker using either:
- Automation Framework (the recommended option)
- Scan Hooks
The packaged scans already have lots of command line options and we do not want to add to them.
from zaproxy.
See https://www.zaproxy.org/docs/automate/automation-framework/ - lots of v specific videos linked off there too 😁
You can create and test an AF plan in ZAP before exporting it to use on the command line, and that is indeed the recommended approach.
from zaproxy.
Are you talking about the packaged scans or something else?
If it's something else then I'm not sure I follow you...
from zaproxy.
I'm talking about the reports, yes for the Python packaged scans (baseline, api, full), because they are only generated for the traditional templates
from zaproxy.
I'm using the Docker image for automation, it is very convenient.
What I lack is details about the passed tests in the reports.
I found that such information is only displayed in the traditional-html-plus and modern report templates, but the templates are hardcoded when we ask for -r my_report.html.
Thus, I'd like a way to decide what template to use.
All these templates are already stored in the /zap/plugins/reports.zap library within the Docker image.
from zaproxy.
Understood.
But note that the Automation Framework does already support all of the report types and can be used in the Docker images.
from zaproxy.
Thanks @psiinon,
If I understand correctly it means creating my custom yaml instead of using the auto generated by each of the pre-packaged scans, right?
Is there any templating or tool I can use to generate it?
from zaproxy.
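A minimal Automation Framework plan that mirrors a baseline-style run but selects the traditional-html-plus report template, added here as an example and not posted by anyone in the thread. The target URL, context name, plan file name, report file name and the /zap/wrk mount are assumptions.

```yaml
# plan.yaml - constructed example, not generated by the packaged scans.
# Assumed invocation from the directory holding this file (image tag is an assumption):
#   docker run -v "$(pwd)":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable \
#     zap.sh -cmd -autorun /zap/wrk/plan.yaml
env:
  contexts:
    - name: "example-context"          # assumed name
      urls:
        - "https://www.example.com"    # assumed target; replace with your own
  parameters:
    failOnError: true                  # stop the plan if a job reports an error
    progressToStdout: true             # show job progress in the container log

jobs:
  # Crawl the target for a bounded time, as the baseline scan does.
  - type: spider
    parameters:
      context: "example-context"
      maxDuration: 1                   # minutes

  # Wait for the passive scanner to finish processing the crawled traffic.
  - type: passiveScan-wait
    parameters:
      maxDuration: 5                   # minutes

  # Write the report with the template of your choice instead of the
  # one tied to the packaged scans' -r option.
  - type: report
    parameters:
      template: "traditional-html-plus"
      reportDir: "/zap/wrk"            # the mounted directory, so the file lands on the host
      reportFile: "my_report"
      reportTitle: "ZAP Scanning Report"
```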