I am using the ZAP Docker image to run a Baseline Scan (i.e. a passive scan) with OWASP ZAP and generate a report.
I want, however, to change all [Warn] rules to [Ignore]. There should be a configuration file with all possible messages and their severity. Where is this configuration file located, and how should I change it?
Per the published docs (https://www.zaproxy.org/docs/docker/baseline-scan/):
-g gen_file generate default config file (all rules set to WARN)
It's just a text file, so edit it and use it:
-c config_file config file to use to INFO, IGNORE or FAIL warnings
-u config_url URL of config file to use to INFO, IGNORE or FAIL warnings
For example:
docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py -t https://www.example.com -c /zap/wrk/my.conf -r /zap/wrk/testreport.html
Here my.conf is in the mapped pwd, and the report is written there as well.
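As an added example (not from the answer above or from the ZAP project), a POSIX shell helper for the edit step in bulk: it flips every WARN rule in a file generated with -g to IGNORE while leaving comment lines and FAIL rules alone. The tab-separated "id WARN (name)" line layout and the sample rule lines are assumptions modelled on a generated file; check them against your own before relying on the script.

```shell
#!/bin/sh
# Added example (not the answer's or ZAP's own code): rewrite every WARN rule
# in a zap-baseline config file to IGNORE, leaving comments and FAIL rules alone.
# Assumed rule-line layout: <id><TAB><WARN|IGNORE|FAIL><TAB>(<name>)

# Usage: warn_to_ignore <input_conf> <output_conf>
warn_to_ignore() {
    in="$1"; out="$2"
    # Only lines whose second tab-separated field is exactly WARN are changed;
    # comment lines (#...) and IGNORE/FAIL lines pass through unchanged.
    awk 'BEGIN { FS = OFS = "\t" }
         /^#/ { print; next }
         $2 == "WARN" { $2 = "IGNORE" }
         { print }' "$in" > "$out"
}

# Count rule lines (non-comment) in a config file that still carry WARN.
count_warn() {
    grep -v '^#' "$1" | awk -F '\t' '$2 == "WARN"' | wc -l | tr -d ' '
}

# Print the action (WARN/IGNORE/FAIL) recorded for a given rule id.
# Usage: rule_action <conf> <rule_id>
rule_action() {
    awk -F '\t' -v id="$2" '!/^#/ && $1 == id { print $2 }' "$1"
}

# Constructed sample in the assumed layout; a real run would instead use the
# file produced by "zap-baseline.py -g my.conf" inside the container.
sample_conf="$(mktemp)"
{
    printf '# zap-baseline rule configuration file\n'
    printf '# Change WARN to IGNORE to ignore any alerts\n'
    printf '10010\tWARN\t(Cookie No HttpOnly Flag - Passive/release)\n'
    printf '10011\tFAIL\t(Cookie Without Secure Flag - Passive/release)\n'
    printf '10015\tWARN\t(Incomplete or No Cache-control and Pragma HTTP Header Set - Passive/release)\n'
} > "$sample_conf"

# Stand-alone demo: convert the sample and show the result.
warn_to_ignore "$sample_conf" "${sample_conf}.ignore"
cat "${sample_conf}.ignore"
```

Mount the converted file into /zap/wrk/ and pass it with -c exactly as in the docker command above; the comment lines are kept because ZAP reads only the rule identifiers.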