https://github.com/kubeshop/testkube-executor-zap
ZAP based security tests executor for Testkube
kubernetes owasp owasp-zap security-testing testing testkube zap
- Host: GitHub
- URL: https://github.com/kubeshop/testkube-executor-zap
- Owner: kubeshop
- License: mit
- Created: 2022-04-01T09:49:24.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2023-02-06T21:20:47.000Z (about 2 years ago)
- Last Synced: 2025-04-13T09:17:56.289Z (16 days ago)
- Topics: kubernetes, owasp, owasp-zap, security-testing, testing, testkube, zap
- Language: Go
- Homepage:
- Size: 361 KB
- Stars: 2
- Watchers: 10
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
README

# Welcome to TestKube ZAP Executor
TestKube ZAP Executor is a test executor that runs Zed Attack Proxy (ZAP) scans with [TestKube](https://testkube.io).
## Usage
You need to register and deploy the executor in your cluster.
```bash
kubectl apply -f examples/zap-executor.yaml
```
Issue the following commands to create and start a ZAP test for a given YAML configuration file:
```bash
kubectl testkube create test --filename examples/zap-api.yaml --type "zap/api" --name api-test
kubectl testkube run test --watch api-test
kubectl testkube create test --filename examples/zap-baseline.yaml --type "zap/baseline" --name baseline-test
kubectl testkube run test --watch baseline-test
kubectl testkube create test --filename examples/zap-full.yaml --type "zap/full" --name full-test
kubectl testkube run test --watch full-test
```
The required ZAP arguments and options need to be specified via a dedicated YAML configuration file, e.g.
```yaml
api:
  # -t the target API definition
  target: https://www.example.com/openapi.json
  # -f the API format: openapi, soap, or graphql
  format: openapi
  # -O the hostname to override in the (remote) OpenAPI spec
  hostname: https://www.example.com
  # -S safe mode: skips the active scan and performs a baseline scan only
  safe: true
  # -c config file
  config: examples/zap-api.conf
  # -d show debug messages
  debug: true
  # -s short output
  short: false
  # -l minimum level to show: PASS, IGNORE, INFO, WARN or FAIL
  level: INFO
  # -n context file
  context: examples/context.config
  # username to use for authenticated scans
  user: anonymous
  # delay in seconds to wait for passive scanning
  delay: 5
  # max time in minutes to wait for ZAP to start and the passive scan to run
  time: 60
  # ZAP command line options
  zap_options: -config aaa=bbb
  # -I should ZAP fail on warnings
  fail_on_warn: false
```
# Issues and enhancements
Please follow the main [TestKube repository](https://github.com/kubeshop/testkube) for reporting any [issues](https://github.com/kubeshop/testkube/issues) or starting [discussions](https://github.com/kubeshop/testkube/discussions).
# Testkube
For more info go to the [main testkube repo](https://github.com/kubeshop/testkube).
#### [Documentation](https://kubeshop.github.io/testkube) | [Discord](https://discord.gg/hfq44wtR6Q)