OWASP ZAP / Zaproxy

Zaproxy is a widely used, open source security testing tool.

We specifically support the Zaproxy output!

GitLab & Zaproxy

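run-security-test:
  image: owasp/zap2docker-stable
  variables:
    HOME_URL: "https://www.calliope.pro"
    # Placeholders. Prefer defining API_KEY as a masked CI/CD variable in the
    # project settings rather than committing the real key to this file.
    API_KEY: YOUR_API_KEY
    PROFILE_ID: YOUR_PROFILE_ID
  allow_failure: true
  script:
  # zap-baseline.py writes its reports to /zap/wrk/
  - mkdir -p /zap/wrk/
  # The baseline scan exits non-zero when it raises alerts;
  # "|| true" lets the job continue so the report is still uploaded.
  - /zap/zap-baseline.py -x security-report.xml -t "$HOME_URL" || true
  - cp /zap/wrk/security-report.xml .
  # Import the XML report into Calliope.
  - curl -X POST -H "x-api-key:$API_KEY" -H "Content-Type:application/*" --data "@security-report.xml" "https://app.calliope.pro/api/v2/profile/$PROFILE_ID/report/import/zaproxy"
  artifacts:
    paths: [security-report.xml]
  when: manual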

Improve this documentation

Do you have more information on setting up Zaproxy, or on how to run it in a different pipeline such as Jenkins or Travis CI? Let us know!