Sha256: 0af42bb69f7269b1011adcbc3a73da6fe0965d53924f6a25acef4ff381a68d07

Contents?: true

Size: 887 Bytes

Versions: 5

Compression:

Stored size: 887 Bytes

Contents

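#!/usr/bin/env bash
#
# Run an OWASP ZAP scan (baseline by default, full with -f) from the ZAP docker
# image against the application served locally on port 3000.
#
# The docker command line is assembled as one string and handed to the sibling
# `with-server` script, which is expected to start the app and then run it.
# NOTE(review): with-server is not shown here; how it executes the string
# (eval, word-splitting, ...) should be confirmed before changing the quoting.

usage="
$0: Run OWASP Zap scan against local server

Usage:
  $0 -h
  $0 [-f] [-s]

Options:
-h: show help and exit
-f: run full scan
-s: run with the stable tag of the ghcr.io/zaproxy/zaproxy docker image

Notes:
* defaults to running a baseline scan with the weekly image tag
* prerequisites:
  * db must be running
  * docker must be running
  * nothing listening on port 3000
* script currently only works on macOS
"

set -e

scan="zap-baseline.py"
# "weekly" and "stable" are moving tags: the image content can change between
# runs. Pin the image by digest where reproducible scan results matter.
docker_tag="weekly"

while getopts "hfs" opt; do
  case "$opt" in
    h)
      # An explicit help request is not an error.
      printf '%s\n' "$usage"
      exit 0
      ;;
    f)
      scan="zap-full-scan.py"
      ;;
    s)
      docker_tag="stable"
      ;;
    *)
      # Unknown option: usage goes to stderr, non-zero status for callers.
      printf '%s\n' "$usage" >&2
      exit 1
      ;;
  esac
done

workdir="$(pwd)"

# The command is passed on as a single string, so a working directory that
# contains whitespace would be split into separate words further down.
# Fail early with a clear message instead of a confusing docker error.
case "$workdir" in
  *[[:space:]]*)
    printf '%s: working directory must not contain whitespace: %s\n' \
      "$0" "$workdir" >&2
    exit 1
    ;;
esac

hostname="http://host.docker.internal:3000"
# -c zap.conf         rule configuration file, read from the mounted directory
# -I                  warnings do not produce a failing exit status, so a
#                     passing run is not a clean result; review the report
# -r zap_report.html  HTML report written into the mounted directory
args="-c zap.conf -I -r zap_report.html"
# The working directory is mounted read-write so the container can write the
# report; everything under it is visible to (and writable by) the container.
cmd="docker run --rm -v $workdir:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:$docker_tag $scan -t $hostname $args"

# Quote the helper's path so a script location containing spaces still resolves.
"$(dirname -- "$0")/with-server" "$cmd"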

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
rails_template_18f-2.0.0 templates/bin/owasp-scan
rails_template_18f-1.3.0 templates/bin/owasp-scan
rails_template_18f-1.2.0 templates/bin/owasp-scan
rails_template_18f-1.1.0 templates/bin/owasp-scan
rails_template_18f-1.0.0 templates/bin/owasp-scan