ZAP security scanning automation for Civil Money Claims application
This is the security scan using ZAP proxy.
The following software needs to be installed:
In addition to above, a link to integration tests should exist as security scan runs integration tests through ZAP proxy. Link can be created using the following command:
$ ./bin/link-integration-tests-project.sh <path-to-integration-tests>
To start environment including ZAP proxy, Selenium Webdriver and CMC service stack please run the following command:
$ ./bin/start-environment.sh
There is a convenience stop-environment script as well.
To run integration tests through ZAP proxy in attack mode please run the following command:
$ ./bin/run-integration-tests-scan.sh
To stop environment including ZAP proxy, Selenium Webdriver and CMC service stack please run the following command:
$ ./bin/stop-environment.sh
This project is licensed under the MIT License - see the LICENSE file for details.