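#!/usr/bin/env bash
set -euo pipefail

# Lightweight OWASP ZAP baseline scan, run through the official Docker image.
#
# Usage: TARGET=https://test.lomavuokraus.fi ./scripts/zap-baseline.sh
#
# Environment:
#   TARGET           URL to scan (default: https://test.lomavuokraus.fi)
#   ZAP_IMAGE        ZAP container image (default: ghcr.io/zaproxy/zaproxy:stable)
#   REPORT_DIR       directory receiving the reports; relative to $PWD or absolute
#                    (default: reports/security)
#   TIMEOUT_MINUTES  value passed to zap-baseline.py -m (default: 5)
#
# Exit status is that of zap-baseline.py, propagated by set -e. Because -I is
# passed, WARN-level findings alone do not produce a failing exit status; only
# FAIL-level findings or a scan error make this script (and a CI job calling
# it) fail.

TARGET="${TARGET:-https://test.lomavuokraus.fi}"
# Defaults to GHCR image; override with ZAP_IMAGE if needed (e.g. zaproxy/zap-stable)
ZAP_IMAGE="${ZAP_IMAGE:-ghcr.io/zaproxy/zaproxy:stable}"
REPORT_DIR="${REPORT_DIR:-reports/security}"
TIMEOUT_MINUTES="${TIMEOUT_MINUTES:-5}"

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

command -v docker >/dev/null 2>&1 || die "docker is required but was not found in PATH"
# zap-baseline.py expects a whole number of minutes; fail early with a clear message.
[[ "$TIMEOUT_MINUTES" =~ ^[0-9]+$ ]] \
  || die "TIMEOUT_MINUTES must be a whole number of minutes, got '$TIMEOUT_MINUTES'"

mkdir -p -- "$REPORT_DIR"
# Resolve the report directory to an absolute path for the bind mount.
# The previous "$PWD/$REPORT_DIR" produced a wrong path whenever REPORT_DIR
# was already absolute.
report_abs=$(cd -- "$REPORT_DIR" && pwd)

printf 'Running ZAP baseline against %s (timeout %sm)...\n' "$TARGET" "$TIMEOUT_MINUTES"

# Run as the invoking user so files written into the bind mount are not
# root-owned. HOME is set to the work dir — presumably so ZAP's per-user
# files land in the writable mount; confirm against the image docs.
# (The duplicate -e HOME=/zap/wrk from the original invocation was dropped.)
docker run --rm \
  -u "$(id -u)":"$(id -g)" \
  -e HOME=/zap/wrk \
  -v "$report_abs":/zap/wrk \
  -w /zap/wrk \
  "$ZAP_IMAGE" zap-baseline.py \
  -t "$TARGET" \
  -x zap-report.xml \
  -r zap-report.html \
  -J zap-report.json \
  -I \
  -m "$TIMEOUT_MINUTES"
# NOTE(review): in zap-baseline.py, -m is the spider duration in minutes, not an
# overall deadline (that is -T); the "timeout" wording above may be misleading —
# confirm which limit is intended.

printf 'Reports written to %s (zap-report.html, zap-report.xml, zap-report.json)\n' "$REPORT_DIR"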