Automatic security tests in Jenkins with OWASP ZAP

Grégoire Willmann on September 26, 2018

OWASP ZAP is a very popular tool used to find vulnerabilities in your codebase and in your instance/server setup. What it basi...

Thanks a lot for this interesting article!
I have tried to configure ZAP in Jenkins by following the same steps, but I have an error that I could not fix!
It is:
[ZAP Jenkins Plugin] PLUGIN VALIDATION (PLG), VARIABLE VALIDATION AND ENVIRONMENT INJECTOR EXPANSION (EXP)
ERROR: java.lang.IllegalArgumentException: ZAP INSTALLATION DIRECTORY IS MISSING, PROVIDED [ null ]

Are you sure the installation directory variable is set on your system?

Could you do echo $NAME_OF_YOUR_INSTALLATION_DIR_VAR and see if it is correctly set?

Hi, thank you for your answer.

Yes, I added the variable (ZAP Installation Directory) to the PATH (system variable) and still have the same problem.

However, I fixed it by setting the environment variable in the Jenkins configuration (name & value under Manage Jenkins -> Global settings) and it finally works!
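A pre-flight check for the failure discussed in this thread, added here as an example and not part of the article, the plugin or any commenter's code: it validates the installation-directory value the same way the "echo the variable" suggestion does, but fails the build step with a readable reason before the plugin throws "ZAP INSTALLATION DIRECTORY IS MISSING". The variable name ZAP_HOME is an assumed placeholder for whatever name the job's plugin configuration references.

```shell
# Added example: validate the ZAP installation directory before the ZAP
# Jenkins plugin step runs. Not from the original article or the plugin.
#
# Assumptions: ZAP_HOME stands in for the variable name the plugin
# configuration uses; a ZAP install directory contains zap.sh.

check_zap_install_dir() {
  # $1: value of the installation-directory variable ("" when unset)
  dir=$1
  if [ -z "$dir" ]; then
    echo "ZAP installation directory variable is empty or unset" >&2
    echo "  fix: set it under Manage Jenkins -> Configure System -> Global properties -> Environment variables" >&2
    return 1
  fi
  if [ ! -d "$dir" ]; then
    echo "ZAP installation directory does not exist: $dir" >&2
    return 1
  fi
  if [ ! -f "$dir/zap.sh" ]; then
    echo "no zap.sh found in $dir; is this really the ZAP install directory?" >&2
    return 1
  fi
  echo "ZAP installation directory OK: $dir"
  return 0
}

# Usage as an early "Execute shell" build step (ZAP_HOME is the assumed name):
#   check_zap_install_dir "${ZAP_HOME:-}" || exit 1
```

Because the Jenkins process only sees variables present in its own environment, a value added to the system PATH on the host does not satisfy the plugin, which matches why the Global properties setting worked here.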

Hey Grégoire,

Take a look at Probely (probely.com) and give us your feedback.

Thanks,
Filipe

Hello Filipe,

Seems nice! But in my case I can have the same functionalities for free with Jenkins.

Hi Grégoire, not really sure if I understood your comment. Probely has a plugin that can be used within Jenkins to perform dynamic application security testing.

And Grégoire said he can do the same thing, but with OWASP ZAP instead, since it's free. So why pay for Probely?

@selaru, not really trying to argue here, just wanted to understand his comment.

If you ignore the cost of a human resource to operate it, then yes, ZAP is free. ZAP is better suited for a pentester, to help him/her do the pentest. Probely is more suited for point & shoot and waiting for the results. Two different scenarios.