diff --git a/.gitignore b/.gitignore
index 240e877..717c7e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,7 @@ build/
 
 ### Performance recordings ###
 perf/
+
+### ZAP scan artefacts ###
+gen.conf
+zap-report.html
diff --git a/zap.sh b/zap.sh
index 3286e35..887a257 100755
--- a/zap.sh
+++ b/zap.sh
@@ -1,7 +1,15 @@
-docker run -v "$(pwd)":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
+#!/usr/bin/env bash
+# Run a ZAP API scan against a locally running OpenAPI server.
+# Prerequisite: the example server must be listening on :8080, e.g.
+# mvn test-compile exec:java \
+# -Dexec.mainClass=com.retailsvc.http.start.ServerLauncher \
+# -Dexec.classpathScope=test
+set -euo pipefail
+
+docker run --rm -v "$(pwd)":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py \
  -t src/test/resources/openapi.json \
- -P 8080 \
  -f openapi \
- -s -g gen.conf \
- -r zap-report.html \
- -t http://host.docker.internal:8080
+ -O http://host.docker.internal:8080 \
+ -s \
+ -g gen.conf \
+ -r zap-report.html
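Review bot: The new `-O http://host.docker.internal:8080` target only resolves on Docker Desktop; on a Linux engine the container gets no such host entry unless the `docker run` line also passes `--add-host=host.docker.internal:host-gateway`, so the scan cannot reach the server there and the header comment's ":8080" prerequisite is not enough on its own. The `-t src/test/resources/openapi.json` path and the `"$(pwd)"` bind mount likewise assume the script is invoked from the repository root; adding `cd "$(dirname "$0")"` right after `set -euo pipefail` makes that explicit instead of failing inside the container with a missing-file error. Because the whole working tree is mounted `:rw`, the floating `ghcr.io/zaproxy/zaproxy:stable` tag is a moving image with write access to the repo — pinning it, e.g. `ghcr.io/zaproxy/zaproxy:<PINNED_VERSION>@sha256:<DIGEST>`, keeps scan results reproducible and bounds what a tag update can change. On Linux the generated `gen.conf` and `zap-report.html` will also be left root-owned unless the container runs as the invoking user, e.g. `-u "$(id -u):$(id -g)"`.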