ZAP Image For OpenShift
OWASPOverview
The public docker registry version of OWASP's Zed Attack Proxy (ZAP) is not compatible with OpenShift without using privleged containers. This Docker image resolves that issue.
Running
The semantics of running this are identical to the public OWASP ZAP docker image, so look at the Wiki page HERE.
Deploying In OpenShift
oc new-build -l 'role=jenkins-slave' https://github.com/rht-labs/owasp-zap-openshift.git
Configuring In OpenShift Jenkins
- Log in to Jenkins with an account which has permissions to manage the Jenkins instance
- Install the following plugins:
- HTML Publisher Plugin
- Restart Jenkins
- Log back in to Jenkins and navigate to
Manage Jenkins -> Configure System
- Scroll down to the
Kubernetes
cloud configuration - Add a new "Pod Template" as shown below:
Using it in your Jenkinsfile
stage('Get a ZAP Pod') {
node('zap') {
stage('Scan Web Application') {
dir('/zap') {
def retVal = sh returnStatus: true, script: '/zap/zap-baseline.py -r baseline.html -t http://<some-web-site>'
publishHTML([allowMissing: false, alwaysLinkToLastBuild: false, keepAll: true, reportDir: '/zap/wrk', reportFiles: 'baseline.html', reportName: 'ZAP Baseline Scan', reportTitles: 'ZAP Baseline Scan'])
echo "Return value is: ${retVal}"
}
}
}
}