docker windows-subsystem-for-linux owasp zap

ZAP baseline scan doesn't generate report


I'm running the example scan from the docs page:

docker run --rm -v /home/zap:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://www.example.com -r testreport.html

The scan seems to finish normally, at least according to logs (last few lines follow):

99208 [ZAP-Scanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host/plugin https://www.example.com | SlackerCookieScanRule in 0.004s with 0 message(s) sent and 0 alert(s) raised.

99209 [ZAP-Scanner-0] INFO org.parosproxy.paros.core.scanner.HostProcess - completed host https://www.example.com in 46.027s with 6 alert(s) raised.

99209 [Thread-26] INFO org.parosproxy.paros.core.scanner.Scanner - scanner completed in 46.051s

However, there is nothing in my local /home/zap. I don't know what is wrong. Maybe because I'm using WSL?

EDIT:

As this might be a permission problem, I built a new docker image with the following Dockerfile:

FROM ghcr.io/zaproxy/zaproxy:stable

# Create the directory
RUN mkdir -p /zap/wrk

# Change ownership of the directory
RUN chown -R zap:zap /zap/wrk

# Set the working directory
WORKDIR /zap/wrk

Now when I try to run

docker run --rm -v /home/zap:/zap/wrk/:rw -t cloud_zap zap-full-scan.py -t https://www.example.com -r testreport.html

I get

2023-12-02 13:06:19,201 Failed to start ZAP :(


Solution

  • This could be a file permissions problem.

    Try

    docker run -v $(pwd):/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable touch /zap/wrk/test.txt

    Does that create the test.txt file in your CWD?

    FYI taken from https://www.zaproxy.org/docs/docker/diagnosing-problems/#cannot-access-created-files
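
A host-side companion to the touch test above, added here as an example (not part of the original answer or the ZAP project's code): it reads the owner and mode bits of the directory you bind-mount at /zap/wrk and reports whether a given container uid/gid could create a report file in it. The function name `wrk_mount_access` is hypothetical and the default uid/gid of 1000 for the container's zap user is an assumption; ACLs and user-namespace remapping are not considered.

```shell
#!/bin/sh
# Assumption: the container's zap user is uid 1000 / gid 1000. Confirm with:
#   docker run --rm ghcr.io/zaproxy/zaproxy:stable id
# Requires GNU stat (Linux, including WSL distributions).

# wrk_mount_access DIR [UID] [GID]
# Returns 0 if UID/GID can create files in DIR, 1 if not, 2 on error.
wrk_mount_access() {
    dir=$1
    uid=${2:-1000}
    gid=${3:-1000}

    [ -d "$dir" ] || { echo "error: $dir is not a directory"; return 2; }

    # Owner uid, owner gid and octal mode of the directory, e.g. "0 0 755"
    info=$(stat -c '%u %g %a' "$dir") || return 2
    owner=${info%% *}; rest=${info#* }
    group=${rest%% *}; mode=${rest#* }
    bits=$((0$mode))            # leading 0 makes the shell parse it as octal

    # Unix picks exactly one permission class: owner, else group, else other
    if [ "$uid" -eq 0 ]; then
        class=root; perm=7
    elif [ "$uid" -eq "$owner" ]; then
        class=owner; perm=$(( (bits >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then
        class=group; perm=$(( (bits >> 3) & 7 ))
    else
        class=other; perm=$(( bits & 7 ))
    fi

    # Creating a file needs write (2) and search (1) on the directory
    if [ $(( perm & 3 )) -eq 3 ]; then
        echo "$class: uid $uid can create files in $dir (mode $mode)"
        return 0
    fi
    echo "$class: uid $uid cannot create files in $dir (mode $mode, owner $owner:$group)"
    return 1
}

# Stand-alone use: sh check.sh /home/zap [uid] [gid]
if [ "$#" -ge 1 ]; then
    wrk_mount_access "$@"
fi
```

A "cannot create files" result for the mounted directory means the scan can finish while the report write fails; changing the directory's owner or mode on the host so the container uid falls into a writable class resolves that case.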