{"id":12,"date":"2021-05-14T15:45:00","date_gmt":"2021-05-14T15:45:00","guid":{"rendered":""},"modified":"2021-09-23T18:04:01","modified_gmt":"2021-09-23T16:04:01","slug":"owasp-test-in-release-pipeline","status":"publish","type":"post","link":"http:\/\/panahy.nl\/index.php\/2021\/05\/14\/owasp-test-in-release-pipeline\/","title":{"rendered":"OWASP test in Release Pipeline"},"content":{"rendered":"<p>In this page we add three tasks to an Azure Release pipeline that run an OWASP ZAP baseline scan against a deployed web application and publish the findings as test results.<\/p>\n<h2 style=\"text-align: left;\">Prerequisites<\/h2>\n<p>The <span style=\"font-family: courier;\">owasp\/zap2docker-stable<\/span> Docker image already contains ZAP and the Python script <span style=\"font-family: courier;\">zap-baseline.py<\/span> that runs a passive baseline scan and writes its report. The image needs a writable directory for that report, so I mount an Azure Files share called <b>security<\/b> from a storage account into <span style=\"font-family: courier;\">\/zap\/wrk\/<\/span> and pass the storage account key to the container. That key must not be pasted into the pipeline YAML: store it as a secret pipeline variable (or in a variable group backed by Key Vault) and map it into the script through <span style=\"font-family: courier;\">env:<\/span>.<\/p>\n<p>When the scan has completed you need a file called <span style=\"font-family: courier;\">OWASPToNUnit3.xslt<\/span> to convert the ZAP XML report into an NUnit 3 file that can be published as a test result.<\/p>\n<h4 style=\"text-align: left;\">OWASP Stage Tasks<\/h4>\n<p>There are 3 tasks in this stage:<\/p>\n<ol style=\"text-align: left;\">\n<li>OWASP in Azure CLI<br \/>\nwhich creates a Container Instance that runs the scan, waits for it to exit and downloads the report<\/li>\n<li>Transforming PowerShell Script<br \/>\nwhich uses a PowerShell script to transform the result into NUnit<\/li>\n<li>Publish Test Results<br \/>\nwhich makes the result visible in the pipeline as Test Results<\/li>\n<\/ol>\n<p>Two details of the first task are easy to get wrong. With the default restart policy (Always) ACI restarts the container every time <span style=\"font-family: courier;\">zap-baseline.py<\/span> exits, so the scan would run over and over; <span style=\"font-family: courier;\">--restart-policy Never<\/span> runs it once. And <span style=\"font-family: courier;\">az container create<\/span> returns when the container is running, not when the scan has finished, so the script polls the container state until it is Terminated before downloading the report. The baseline scan only makes outbound requests to the target, so the container needs neither a public IP address nor an exposed port.<\/p>\n<h3 style=\"text-align: left;\">Stage Tasks Yaml<\/h3>\n<div>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">steps:\r\n  - task: AzureCLI@2\r\n    displayName: 'OWASP in Azure CLI'\r\n    inputs:\r\n      azureSubscription: 'Owasp_grp_sp'\r\n      scriptType: ps\r\n      scriptLocation: inlineScript\r\n      inlineScript: |\r\n        # the storage account key comes from the secret variable mapped under env: below, never from the YAML itself\r\n        $key = $env:STORAGE_KEY\r\n        # the URL has no spaces, so it needs no extra quoting inside --command-line\r\n        $ZAP_COMMAND = \"\/zap\/zap-baseline.py -t https:\/\/the-url-to-test.something -x OWASP-ZAP-Report.xml\"\r\n\r\n        # --restart-policy Never: run the scan once; the default (Always) restarts the container after every exit\r\n        # no public IP or port: the baseline scan only makes outbound requests\r\n        az container create `\r\n           --resource-group owasp_grp `\r\n           --name owasp `\r\n           --image owasp\/zap2docker-stable `\r\n           --restart-policy Never `\r\n           --azure-file-volume-account-name owaspstore1000 `\r\n           --azure-file-volume-account-key $key `\r\n           --azure-file-volume-share-name security `\r\n           --azure-file-volume-mount-path \/zap\/wrk\/ `\r\n           --command-line $ZAP_COMMAND\r\n\r\n        # az container create returns once the container is running, not when the scan is done:\r\n        # poll until it has terminated, giving up after 40 x 15 s\r\n        $attempts = 0\r\n        do {\r\n           Start-Sleep -Seconds 15\r\n           $state = az container show --resource-group owasp_grp --name owasp `\r\n              --query \"containers[0].instanceView.currentState.state\" -o tsv\r\n           $attempts++\r\n        } while ($state -ne 'Terminated' -and $attempts -lt 40)\r\n        if ($state -ne 'Terminated') { throw \"ZAP container still in state '$state' after 10 minutes\" }\r\n        az container logs --resource-group owasp_grp --name owasp\r\n\r\n        # PowerShell does not expand %VAR%: use $env: and a path separator\r\n        az storage file download `\r\n           --account-name owaspstore1000 `\r\n           --account-key $key `\r\n           -s security `\r\n           -p OWASP-ZAP-Report.xml `\r\n           --dest \"$env:SYSTEM_DEFAULTWORKINGDIRECTORY\\OWASP-ZAP-Report.xml\"\r\n    env:\r\n      STORAGE_KEY: $(storageAccountKey)   # secret pipeline variable holding the storage account key\r\n\r\n  - powershell: |\r\n     ## The powershell task for converting the test report\r\n     $XslPath = \"$($Env:SYSTEM_DEFAULTWORKINGDIRECTORY)\\_Managed-Security\\OWASPToNUnit3.xslt\"\r\n     $XmlInputPath = \"$($Env:SYSTEM_DEFAULTWORKINGDIRECTORY)\\OWASP-ZAP-Report.xml\"\r\n     $XmlOutputPath = \"$($Env:SYSTEM_DEFAULTWORKINGDIRECTORY)\\Converted-OWASP-ZAP-Report.xml\"\r\n     $XslTransform = New-Object System.Xml.Xsl.XslCompiledTransform\r\n     $XslTransform.Load($XslPath)\r\n     $XslTransform.Transform($XmlInputPath, $XmlOutputPath)\r\n    displayName: 'Transforming PowerShell Script'\r\n\r\n  - task: PublishTestResults@2\r\n    displayName: 'Publish Test Results Converted-OWASP-ZAP-Report.xml'\r\n    inputs:\r\n      testResultsFormat: NUnit\r\n      testResultsFiles: 'Converted-OWASP-ZAP-Report.xml'\r\n      failTaskOnFailedTests: true   # fail the stage when the converted report contains failed tests<\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In this page we add three tasks to an Azure Release pipeline that run an OWASP ZAP baseline scan against a deployed web application and publish the findings as test results. Prerequisites The owasp\/zap2docker-stable Docker image already contains ZAP and the Python script zap-baseline.py that runs a passive baseline scan and writes its report. The image needs a writable directory for that report, so I mount &hellip; <a href=\"http:\/\/panahy.nl\/index.php\/2021\/05\/14\/owasp-test-in-release-pipeline\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;OWASP test in Release Pipeline&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4,10],"tags":[],"uagb_featured_image_src":{"full":false,"thumbnail":false,"medium":false,"medium_large":false,"large":false,"1536x1536":false,"2048x2048":false,"post-thumbnail":false},"uagb_author_info":{"display_name":"Pouya Panahy","author_link":"http:\/\/panahy.nl\/index.php\/author\/pouya\/"},"uagb_comment_info":0,"uagb_excerpt":"In this page we add three tasks to an Azure Release pipeline that run an OWASP ZAP baseline scan against a deployed web application and publish the findings as test results. Prerequisites The owasp\/zap2docker-stable Docker image already contains ZAP and the Python script zap-baseline.py that runs a passive baseline scan and writes its report. The image needs a shared folder to put the report in. 
To mount a&hellip;","_links":{"self":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/12"}],"collection":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/comments?post=12"}],"version-history":[{"count":3,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/12\/revisions"}],"predecessor-version":[{"id":185,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/posts\/12\/revisions\/185"}],"wp:attachment":[{"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/media?parent=12"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/categories?post=12"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/panahy.nl\/index.php\/wp-json\/wp\/v2\/tags?post=12"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
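The post relies on an OWASPToNUnit3.xslt file for the second task but does not include it. The script below is an added example, not the author's XSLT and not part of the original post: it performs the same conversion in Python so that the field mapping and the pass/fail rule are explicit. Every ZAP alertitem becomes one NUnit 3 test case; alerts whose riskcode is at or above FAIL_AT_RISK (an assumed policy, Medium and High) are reported as failures, lower ones pass but keep their text in the case output. The ZAP report embedded in the script is constructed for the example; the two alert names are ZAP passive-scan rules and the target is the page's placeholder URL. The file name zap_to_nunit.py is the example's own.

```python
"""Convert an OWASP ZAP XML report into NUnit 3 XML for PublishTestResults@2.
Added example, not the page's OWASPToNUnit3.xslt: the same mapping in Python.
One NUnit test case per ZAP alert; alerts with riskcode >= FAIL_AT_RISK fail."""
import sys
import xml.etree.ElementTree as ET
from xml.etree.ElementTree import Element, SubElement

# ZAP riskcode values: 0 Informational, 1 Low, 2 Medium, 3 High
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}
FAIL_AT_RISK = 2  # assumed policy: Medium and High break the release

# Constructed sample in the traditional ZAP XML layout (not a real scan result).
# The alert names are ZAP passive-scan rules; the target is the page's placeholder URL.
SAMPLE_ZAP_REPORT = """<?xml version="1.0"?>
<OWASPZAPReport version="2.10.0" generated="Fri, 14 May 2021 15:45:00">
  <site name="https://the-url-to-test.something" host="the-url-to-test.something" port="443" ssl="true">
    <alerts>
      <alertitem>
        <pluginid>10038</pluginid>
        <alert>Content Security Policy (CSP) Header Not Set</alert>
        <riskcode>2</riskcode>
        <riskdesc>Medium (High)</riskdesc>
        <desc>No Content-Security-Policy header was returned.</desc>
        <instances>
          <instance><uri>https://the-url-to-test.something/</uri><method>GET</method></instance>
          <instance><uri>https://the-url-to-test.something/login</uri><method>GET</method></instance>
        </instances>
        <solution>Configure a Content-Security-Policy header.</solution>
        <cweid>693</cweid>
      </alertitem>
      <alertitem>
        <pluginid>10021</pluginid>
        <alert>X-Content-Type-Options Header Missing</alert>
        <riskcode>1</riskcode>
        <riskdesc>Low (Medium)</riskdesc>
        <desc>The X-Content-Type-Options header is not set to nosniff.</desc>
        <instances>
          <instance><uri>https://the-url-to-test.something/static/app.js</uri><method>GET</method></instance>
        </instances>
        <solution>Set X-Content-Type-Options: nosniff on all responses.</solution>
        <cweid>693</cweid>
      </alertitem>
    </alerts>
  </site>
</OWASPZAPReport>
"""


def parse_alerts(zap_xml):
    """Flatten every <alertitem> under every <site> into a plain dict."""
    alerts = []
    for site in ET.fromstring(zap_xml).iter("site"):
        for item in site.iter("alertitem"):
            alerts.append({
                "site": site.get("name", ""),
                "pluginid": item.findtext("pluginid", ""),
                "name": item.findtext("alert", ""),
                "risk": int(item.findtext("riskcode", "0")),
                "riskdesc": item.findtext("riskdesc", ""),
                "desc": item.findtext("desc", "").strip(),
                "solution": item.findtext("solution", "").strip(),
                "cweid": item.findtext("cweid", ""),
                "uris": [i.findtext("uri", "") for i in item.iter("instance")],
            })
    return alerts


def to_nunit3(alerts, fail_at_risk=FAIL_AT_RISK, suite_name="OWASP-ZAP-Baseline"):
    """Build the NUnit 3 <test-run> tree; the count attributes must match the cases."""
    failed = sum(1 for a in alerts if a["risk"] >= fail_at_risk)
    total = len(alerts)
    result = "Failed" if failed else "Passed"
    counts = {"total": str(total), "passed": str(total - failed), "failed": str(failed)}
    run = Element("test-run", {"id": "0", "testcasecount": str(total), "result": result, **counts})
    suite = SubElement(run, "test-suite", {"type": "Assembly", "id": "1", "name": suite_name,
                                           "fullname": suite_name, "result": result, **counts})
    for n, a in enumerate(alerts, start=2):
        name = f"[{RISK_NAMES.get(a['risk'], a['risk'])}] {a['name']} (pluginid {a['pluginid']})"
        case_result = "Failed" if a["risk"] >= fail_at_risk else "Passed"
        case = SubElement(suite, "test-case", {"id": str(n), "name": name,
                                               "fullname": f"{suite_name}.{name}", "result": case_result})
        text = (f"{a['riskdesc']} at {a['site']} (CWE-{a['cweid']})\n{a['desc']}\n"
                f"Affected: {', '.join(a['uris'])}\nSolution: {a['solution']}")
        if case_result == "Failed":
            SubElement(SubElement(case, "failure"), "message").text = text
        else:
            SubElement(case, "output").text = text  # kept in the log, does not fail the run
    return run


def convert(zap_xml, fail_at_risk=FAIL_AT_RISK):
    """ZAP XML report string -> NUnit 3 XML string."""
    run = to_nunit3(parse_alerts(zap_xml), fail_at_risk)
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(run, encoding="unicode")


if __name__ == "__main__":
    # usage: python zap_to_nunit.py OWASP-ZAP-Report.xml Converted-OWASP-ZAP-Report.xml
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8") as src, open(sys.argv[2], "w", encoding="utf-8") as dst:
            dst.write(convert(src.read()))
    else:
        print(convert(SAMPLE_ZAP_REPORT))  # no paths given: show the sample conversion
```

In the pipeline this replaces the XslCompiledTransform step with a script task that runs `python zap_to_nunit.py OWASP-ZAP-Report.xml Converted-OWASP-ZAP-Report.xml` from $(System.DefaultWorkingDirectory); the PublishTestResults@2 task then consumes the output unchanged. Keeping the threshold in one constant makes the release gate explicit and reviewable, which a hand-written XSLT rarely is.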