Last active September 9, 2022 14:43
Docker compose for ZAP
target:
  # The target application we want to scan
  image: szsecurity/webgoat
  # The port that the application is available on.
  # If the application runs on a non-standard port,
  # you can map it to 80 for convenience by using
  # ports
  #  - "80:8080"
  expose:
    - "80"
zaproxy:
  image: owasp/zap2docker-stable
  command: zap.sh -daemon -port 8090 -host 0.0.0.0
  expose:
    # ZAP is running on 8090, we want it to be accessible by our tools
    - "8090"
  links:
    - target
tooling:
  build: tools/.
  # Runzap.py contains the commands to run ZAP on the target application
  command: python tools/runzap.py
  links:
    - zaproxy
  # Reports end up here!
  volumes:
    - ./:/code
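The compose file hands the actual scan to a script in the `tooling` container. The following is an added example of such a driver, not the gist author's `tools/runzap.py` (which does not appear on this page): it uses ZAP's JSON API from the standard library only. It assumes the service names `zaproxy` and `target` from the compose file, that the ZAP API accepts requests without an API key, and a hypothetical report name `zap-alerts.json` under the mounted `/code` volume.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://zaproxy:8090"  # service name and port from the compose file
TARGET = "http://target"     # linked target service, exposed on port 80

def api_url(path, **params):
    """Build a ZAP JSON API URL, e.g. path='spider/action/scan'."""
    return f"{ZAP}/JSON/{path}/?{urllib.parse.urlencode(params)}"

def http_get(url):
    """Fetch a ZAP API URL and decode the JSON body (assumes no API key is required)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)

def run_until_done(component, fetch=http_get, poll=2.0):
    """Start a 'spider' or 'ascan' scan of TARGET and block until status reaches 100."""
    scan_id = fetch(api_url(f"{component}/action/scan", url=TARGET))["scan"]
    while int(fetch(api_url(f"{component}/view/status", scanId=scan_id))["status"]) < 100:
        time.sleep(poll)
    return scan_id

def summarize(alerts):
    """Count alerts per risk level (High, Medium, Low, Informational)."""
    counts = {}
    for alert in alerts:
        counts[alert["risk"]] = counts.get(alert["risk"], 0) + 1
    return counts

def main(fetch=http_get, poll=2.0, out="/code/zap-alerts.json"):
    run_until_done("spider", fetch, poll)  # crawl first so the active scan has URLs
    run_until_done("ascan", fetch, poll)   # then run the active scan on what was found
    alerts = fetch(api_url("core/view/alerts", baseurl=TARGET))["alerts"]
    with open(out, "w") as fh:             # /code is the volume where reports end up
        json.dump(alerts, fh, indent=2)
    return summarize(alerts)

if __name__ == "__main__":
    print(main())
```

The `fetch` parameter exists so the polling logic can be exercised without a running ZAP daemon.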
That is correct, you might be able to make the port that ZAP listens on (8090) accessible to your browser using ports in docker-compose (this works differently on Windows/Linux/Mac) so that you can reach it from your browser if that's what you want. See the docker-compose docs on how to do that.
Can you please paste the tools/runzap.py?
Good. As I understand it, now I can’t start zap in docker and go to it from the browser while doing this, but only scan it by going into the container