The customer did not want to maintain an IaaS-based install of OWASP ZAP, nor did they have an AKS cluster to deploy the OWASP ZAP container into. They wanted an on-demand deployment to minimize management overhead of the security scanning tool.

Import the scan results into Azure DevOps Test Runs. Since the customer already leverages Azure DevOps for automated test runs, they wanted the results of the OWASP ZAP scan in the same tool to present a single view of all test results.

Run on a Microsoft Hosted Windows agent. The customer did not want to manage their own self-hosted agent(s), and requested this be done on a Windows based (VS 2017 at the time) agent.

Based on the above assumptions, there were a few issues and limitations to overcome:

- Due to how ACI handles NATing, OWASP ZAP wasn't able to bind to the container's public address (known OWASP issue: see Behind NAT). As such, we were not able to leverage the API, which made us unable to use the task available in the Marketplace. An IaaS-based solution could simply use the Task in the Marketplace.
- OWASP ZAP's report format is not natively supported by the PublishTestResults task. As such, we needed to convert it to a compatible format. A few options are available; we chose to use an XSL Template to convert it to an NUnit3 formatted results file.

The work presented here is part of a Release Pipeline based on the customer needs. However, if it is to be reused in multiple pipelines, it would make more sense to set it up as a Task Group.

The Release Pipeline itself is fairly simple. In our example, we will have one Artifact, which is an Azure Git artifact containing only the XSL Template used to transform the results file for publishing.

We have several Variables set on the Pipeline:

- ACI_RESOURCE_GROUP: The name of the Group the ACI instance will be deployed to.
- ACI_LOCATION: The geographical location to deploy to.
- ACI_INSTANCE_NAME: The name of the actual ACI instance deployed in Azure.
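
The report conversion described above, as an added Python example that is not the post's XSL Template or the customer's pipeline code: it maps each alert in a ZAP XML report to one NUnit3 test-case. It assumes the element names of ZAP's traditional XML report; the `fail_at` threshold and the minimal set of NUnit3 attributes are also assumptions, and the sample report is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of ZAP's traditional XML report (not real scan output).
SAMPLE_ZAP_XML = """<OWASPZAPReport version="constructed">
<site name="https://app.example.test" host="app.example.test" port="443" ssl="true"><alerts>
  <alertitem><alert>Cross Site Scripting (Reflected)</alert><riskcode>3</riskcode>
    <riskdesc>High (Medium)</riskdesc><desc>Input is echoed unencoded.</desc></alertitem>
  <alertitem><alert>X-Content-Type-Options Header Missing</alert><riskcode>1</riskcode>
    <riskdesc>Low (Medium)</riskdesc><desc>Header not set.</desc></alertitem>
  <alertitem><alert>Timestamp Disclosure</alert><riskcode>0</riskcode>
    <riskdesc>Informational (Low)</riskdesc><desc>A timestamp was found.</desc></alertitem>
</alerts></site>
</OWASPZAPReport>"""


def zap_to_nunit3(zap_xml: str, fail_at: int = 2) -> str:
    """Return NUnit3-style XML: one test-case per ZAP alert.

    Alerts whose riskcode (0=Informational .. 3=High) is >= fail_at are
    reported as Failed; lower-risk alerts are recorded as Passed so they
    stay visible in the test run without breaking it (assumed policy).
    """
    report = ET.fromstring(zap_xml)
    run = ET.Element("test-run", id="1", name="OWASP ZAP scan")
    total = failed = 0
    for site in report.iter("site"):
        site_name = site.get("name", "unknown site")
        suite = ET.SubElement(run, "test-suite", type="Assembly", name=site_name)
        for item in site.iter("alertitem"):
            name = item.findtext("alert", default="unnamed alert")
            risk = int(item.findtext("riskcode", default="0"))
            is_failure = risk >= fail_at
            case = ET.SubElement(suite, "test-case", name=name,
                                 fullname=f"{site_name}: {name}",
                                 result="Failed" if is_failure else "Passed")
            if is_failure:
                message = ET.SubElement(ET.SubElement(case, "failure"), "message")
                message.text = f"{item.findtext('riskdesc', '')}: {item.findtext('desc', '')}"
                failed += 1
            total += 1
    run.set("testcasecount", str(total))
    run.set("total", str(total))
    run.set("passed", str(total - failed))
    run.set("failed", str(failed))
    run.set("result", "Failed" if failed else "Passed")
    return ET.tostring(run, encoding="unicode")


if __name__ == "__main__":
    print(zap_to_nunit3(SAMPLE_ZAP_XML))
```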