/cmc-security-scan

ZAP security scanning automation for Civil Money Claims application


CMC Security Scan

This project runs a security scan of the Civil Money Claims application using the ZAP proxy.

Getting Started

Prerequisites

The following software needs to be installed:

Local environment setup

In addition to the above, a link to the integration tests project must exist, because the security scan runs the integration tests through the ZAP proxy. The link can be created using the following command:

$ ./bin/link-integration-tests-project.sh <path-to-integration-tests>

Starting dockerized environment

To start the environment, including the ZAP proxy, Selenium WebDriver and the CMC service stack, run the following command:

$ ./bin/start-environment.sh

There is a convenience stop-environment script as well.

Run integration tests through ZAP proxy

To run the integration tests through the ZAP proxy in attack mode, run the following command:

$ ./bin/run-integration-tests-scan.sh

Stopping dockerized environment

To stop the environment, including the ZAP proxy, Selenium WebDriver and the CMC service stack, run the following command:

$ ./bin/stop-environment.sh
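
The steps above chained into one scan cycle that always tears the environment down and reports the scan's exit status, for unattended runs. This is an added example, not one of the project's own scripts: `run_scan_cycle` is a hypothetical helper, and it assumes the four scripts sit in one directory and exit non-zero on failure.

```shell
# Added example (not part of the project). Assumption: each README script
# signals failure with a non-zero exit status.
# Usage: run_scan_cycle ./bin [path-to-integration-tests]
run_scan_cycle() {
    local bin_dir="$1" tests_path="${2:-}"
    local status=0 script

    # Refuse to start anything if a required script is missing, so a
    # half-started stack is never left behind.
    for script in start-environment.sh run-integration-tests-scan.sh stop-environment.sh; do
        if [ ! -x "$bin_dir/$script" ]; then
            echo "missing or non-executable: $bin_dir/$script" >&2
            return 2
        fi
    done

    # Linking is only needed when a tests path is supplied (first run).
    if [ -n "$tests_path" ]; then
        "$bin_dir/link-integration-tests-project.sh" "$tests_path" || return 3
    fi

    # Start the stack; only run the scan if the start succeeded.
    "$bin_dir/start-environment.sh" || status=$?
    if [ "$status" -eq 0 ]; then
        "$bin_dir/run-integration-tests-scan.sh" || status=$?
    else
        echo "environment failed to start (exit $status), scan skipped" >&2
    fi

    # Tear down regardless of the outcome above; a teardown failure is
    # reported but does not mask the scan's own exit status.
    "$bin_dir/stop-environment.sh" || echo "warning: stop-environment failed" >&2

    return "$status"
}
```
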

License

This project is licensed under the MIT License - see the LICENSE file for details.