0
votes

I have a problem with the ZAP plugin for Jenkins. Assume I have my Selenium UI testing code; it launches a browser and sets a proxy automatically. What I need is to launch the test from Jenkins, and use the ZAP plugin to open the ZAP proxy and generate a report.

The process in Jenkins should be:

1. Open the ZAP proxy and add an alert filter to ZAP.
2. Execute the UI test (which will go through the ZAP proxy automatically).
3. ZAP generates a report and sends it back to Jenkins.
4. Shut down the ZAP proxy.

My confusion is that when I use the ZAP plugin in Jenkins, there is a starting point that must be set. But I don't want active scanning; I only need passive scanning of what goes through the ZAP proxy from the UI test. Is there a way to work around it?

I found another way, using the ZAP API to do the job: https://medium.com/@PrakhashS/security-testing-for-apis-using-zap-5df8ec07a131. But I haven't managed to create an alert filter via the API. Can someone help?

I am a newbie to Jenkins; I would like to know which way is proposed to meet my need: executing ZAP from the ZAP plugin, or executing a shell step that uses the ZAP API?

Thank you!
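The API-driven flow from the question, as an added example that is not from the original post or from the ZAP project: ZAP is assumed to be running as a daemon on 127.0.0.1:8090 with API key `changeme`, the alertFilter add-on is assumed installed and a context with the given id already created (via the API's `context` component), `add_alert_filter` is called at step 1 before the UI tests run, and `main()` is the post-test step that fetches the passive-scan alerts, writes the HTML report and shuts ZAP down.

```python
import json
import sys
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8090"  # assumed: ZAP daemon address (zap.sh -daemon -port 8090)
API_KEY = "changeme"           # assumed: must match -config api.key=... at start-up

def api_url(fmt, component, optype, name, **params):
    """ZAP API layout: /{JSON|OTHER}/{component}/{view|action|other}/{name}/?..."""
    params["apikey"] = API_KEY
    return f"{ZAP}/{fmt}/{component}/{optype}/{name}/?" + urllib.parse.urlencode(params)

def call(fmt, component, optype, name, **params):
    """Issue one API request; JSON endpoints are decoded, OTHER ones return raw bytes."""
    with urllib.request.urlopen(api_url(fmt, component, optype, name, **params), timeout=30) as r:
        body = r.read()
    return json.loads(body) if fmt == "JSON" else body

def add_alert_filter(context_id, rule_id, new_level, url_regex=".*"):
    """Re-level one passive rule for URLs in a context via the alertFilter add-on
    (assumed installed). new_level: -1 = false positive, 0..3 = Info..High."""
    return call("JSON", "alertFilter", "action", "addAlertFilter", contextId=context_id,
                ruleId=rule_id, newLevel=new_level, url=url_regex, urlIsRegex="true",
                enabled="true")

def summarize(alerts, fail_at="High"):
    """Count alerts per ZAP risk level and decide whether the build should fail."""
    order = ["Informational", "Low", "Medium", "High"]
    counts = {r: 0 for r in order}
    for a in alerts:
        if a["risk"] in counts:  # anything outside the four levels is not counted
            counts[a["risk"]] += 1
    failing = sum(counts[r] for r in order[order.index(fail_at):])
    return counts, failing > 0

def main(target_prefix, report_path):
    # Step 3 of the question: collect what passive scanning saw while the UI tests
    # ran through the proxy, write the HTML report, then (step 4) stop ZAP.
    alerts = call("JSON", "core", "view", "alerts", baseurl=target_prefix)["alerts"]
    counts, failed = summarize(alerts)
    with open(report_path, "wb") as f:
        f.write(call("OTHER", "core", "other", "htmlreport"))
    call("JSON", "core", "action", "shutdown")
    print(counts)
    return 1 if failed else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1], sys.argv[2]))
```

In a Jenkins `sh` step this runs as `python3 zap_passive.py http://app-under-test zap-report.html` after the UI tests; a non-zero exit fails the build when alerts at or above the chosen risk level were recorded.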


2 Answers

0
votes

If you just want passive scanning then why not try the ZAP Baseline scan: https://github.com/zaproxy/zaproxy/wiki/ZAP-Baseline-Scan

There's now an option to add a delay for other tests to proxy through ZAP. I need to update the wiki ;)

0
votes

I did something similar - I had existing UI automation tests, and I was able to proxy them through ZAP. You can find an example here, using webdriver.io (which is basically Selenium). If this is what you're looking for, I can help you set this up.