Automation Framework

The new Automation Framework will in time replace the Command Line and Packaged Scan options. It allows you to control ZAP via one YAML file and provides more flexibility while not being tied to any specific container technology.

The Automation Framework is included with the latest version of ZAP as well as the stable docker image. The framework is plugable and many of the existing add-ons have been enhanced to support it.

Updating Add-ons

The addOns job has been found to cause problems when updating add-ons which are defined in the current plan. This job has been depreciated and no longer does anything.

From 2.12 you can use the standard ZAP command line options with the AF -autorun option:

  • -addoninstall <addOnId> to install an add-on
  • -addonuninstall <addOnId> to uninstall an add-on
  • -addonupdate to update all add-ons

You can use -addoninstall and -addonuninstall as many times as you need:

./ -addonupdate\
    -addoninstall example-1 \
    -addoninstall example-2 \
    -addonuninstall example-3 \
    -cmd -autorun zap.yaml <any other ZAP options>

Framework Overview

For details of how to get started with the framework see the main framework help page.

The framework supports:

  • environment - which defines all of the applications the plan can act on
  • Authentication - all of the authentication mechanisms supported by ZAP
  • Job Tests - which can be used to validate the outcome of jobs

The full set of jobs currently supported by the framework and other add-ons are:

For details of future changes planned see the tracker issue.