
How to run ZAP Scan to scan another container

I'm a total newbie in DevSecOps. Recently I tried to implement DAST in the GitLab CI/CD pipeline, but somehow ZAP wasn't able to access the host.

To start, here is my gitlab-ci.yml:

services:
    - docker:dind

before_script:
    - docker info

stages:
    - build
    - test


create_docker:
    stage: build
    script:
        # https://community.wia.io/d/15-accessing-the-host-from-inside-a-docker-container
        - docker run --rm -d -t -p 80:80 --network="host" yeasy/simple-web:latest       

DAST_Scan:
    stage: test
    script:
        - docker run -t owasp/zap2docker-weekly zap-baseline.py -t http://$(ip -f inet -o addr show eth0 | awk '{print $4}' | cut -d '/' -f 1):80
    allow_failure: true

I tested the yeasy/simple-web:latest registry and it seems that the web server was running fine. To keep it running, I detached the process as shown in the build stage.

But on the DAST scan job, ZAP keeps coming up with this error:

Status: Downloaded newer image for owasp/zap2docker-weekly:latest
2021-04-22 23:28:32,350 Could not find custom hooks file at /home/zap/.zap_hooks.py 
Apr 22, 2021 11:28:41 PM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
ERROR [Errno 5] ZAP failed to access: http://172.17.0.3:80
2021-04-22 23:28:47,657 I/O error: [Errno 5] ZAP failed to access: http://172.17.0.3:80
Traceback (most recent call last):
  File "/zap/zap-baseline.py", line 331, in main
    zap_access_target(zap, target)
  File "/zap/zap_common.py", line 104, in _wrap
    return_data = func(*args_list, **kwargs)
  File "/zap/zap_common.py", line 387, in zap_access_target
    raise IOError(errno.EIO, 'ZAP failed to access: {0}'.format(target))
OSError: [Errno 5] ZAP failed to access: http://172.17.0.3:80
Found Java version 11.0.10

What is the correct way to do this kind of scan? How do I fix this, since I've been stuck here for almost a week now?

We have a FAQ for that :) https://www.zaproxy.org/faq/why-cant-zap-connect-to-my-website/

Basically this is highly unlikely to be a ZAP problem; it's much more likely to be a Docker networking issue. You can double-check that by using curl as per the FAQ.

The solution? Also in the ZAP docs: https://www.zaproxy.org/docs/docker/about/#scanning-an-app-running-in-another-docker-container
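A working layout of the approach the answer links to, as an added example that is not the asker's file and not code from the ZAP project. It keeps the target and the scan in one job, because the docker:dind service, and every container started through it, is discarded when a job ends, so a container started in a `build` job is already gone when a `test` job runs. Both containers are attached to a user-defined Docker network, so ZAP reaches the app by container name instead of a guessed interface address, and the FAQ's curl check runs from that same network before the scan starts. The `image:` line, the `DOCKER_HOST`/`DOCKER_TLS_CERTDIR` variables, and the names `zapnet` and `simple-web` are assumptions:

```yaml
# Added example (not the asker's pipeline): start the target and scan it in
# ONE job, on a shared user-defined network, so ZAP can resolve it by name.
image: docker:latest               # assumption: a Docker CLI image for the job

services:
  - docker:dind

variables:
  DOCKER_HOST: tcp://docker:2375   # assumption: dind without TLS, a common runner setup
  DOCKER_TLS_CERTDIR: ""
  APP_NAME: simple-web             # hypothetical container name == hostname on the network
  SCAN_NET: zapnet                 # hypothetical network name

stages:
  - test

dast_scan:
  stage: test
  script:
    - docker network create "$SCAN_NET"
    # Target on the shared network; no host port publishing is needed.
    - docker run -d --rm --name "$APP_NAME" --network "$SCAN_NET" yeasy/simple-web:latest
    # The FAQ's curl check, run from the same network ZAP will use. Retries
    # cover the short window before the web server starts listening.
    - docker run --rm --network "$SCAN_NET" curlimages/curl
        -sSf --retry 10 --retry-delay 2 --retry-connrefused "http://$APP_NAME:80/"
    # Scan by container name. /zap/wrk is mounted so -r can write the report
    # into the job workspace; -I keeps warnings from failing the job.
    - docker run --rm --network "$SCAN_NET" -v "$PWD:/zap/wrk:rw" -t
        owasp/zap2docker-weekly zap-baseline.py -t "http://$APP_NAME:80" -r zap-report.html -I
  after_script:
    - docker rm -f "$APP_NAME" || true
    - docker network rm "$SCAN_NET" || true
  artifacts:
    when: always
    paths:
      - zap-report.html
```

If the curl step fails, the problem is reachability and not ZAP, which is exactly the distinction the FAQ asks you to make first; only once curl succeeds from inside the network is a ZAP error worth investigating. `-I` replaces the `allow_failure: true` from the question for the warning case, while a real scan failure (the target unreachable) still fails the job.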
