Problems with Owasp ZAP Plugin

Hello, Newbie here. Trying to configure the owasp zap plugin, but everytime I tried it in a pipeline, Jenkins give me an error( A problem occurred while processing the request.). I am using Jenkins.2.387.2 on a windows server 2019, JAVA 17.0.7, ZAP 2.12, Official OWASP ZAP Jenkins PluginVersión1.1.0

Where can I see wich could be the problem? Any help appreciated.
Thank you

There are 3 plugins that mention ZAP. I think that you want to use the Zap Pipeline plugin that was last released a year ago. The plugin health score of that plugin is 98 out of 100.

I suspect that the plugin you’re trying to configure is the “Official OWASP ZAP plugin” that was last released 6 years ago. The plugin health score of that plugin is 57 out of 100. It has a known security vulnerability. It has a known bug that it cannot be configured with Jenkins versions after 2.277.1.

If there is some functionality in the “Official OWASP ZAP plugin” that can’t be met by using the Zap Pipeline plugin then you’d need to adopt the plugin, modernize the plugin, fix the security issue, and release a new version of the plugin.

Dear Mark, Thank you so much for your answer, much appreciated. It was driving me crazy. :slight_smile: I will try the plug in you mention. I just wast trying to set up a pipeline for a secure cycle development.
Thanks a lot again. :smiley:

Hi Mark, I’m trying to use the plugin you told me Zap Pipeline plugin. I have installed on my Jenkins server but when I try to trun the pipeline gives me this error: No such DSL method ‘zap’ found among steps. I am using this step:
steps {

            //zapPipeline canary: true, failOnError: true, targetUrl: ''
            zap canary: true, failOnError: true, targetUrl: ''

With the both lines gives me a similar error.
The pipeline runs in a Agent machine. Maybe the problem is that the plugin isnt installed in the agent machine. i have tried to install it in that machine but I havent found how to do it?
Any help would be much appreciated.
Thanks a lot.

The Zap Pipeline plugin does not provide a zap task or a zapPipeline task. You need to use the tasks provided by the plugins installed on your system.

The Pipeline Syntax Snippet Generator is your best resource for creating and editing Jenkins Pipelines. It will show you the Pipeline tasks that are available on your Jenkins controller based on the exact plugins that you have installed.

The online help that is available from inside the Pipeline Syntax Snippet Generator for specific Pipeline keywords is also copied to a Pipeline Steps reference page for each plugin. The Zap Pipeline page includes descriptions of the Pipeline tasks that it provides.

I created a 90 second video showing how to use the Pipeline Syntax Snippet Generator with the git plugin. The ideas in that video will help you use it with the Zap Pipeline plugin.

Dear Mark, Thank you so much for your answer. I have used pipeline syntax as you suggested me and i can see the methods of the plugin that are listed in its official web page but when I choose one of them Jenkins gives a message: This step has not yet defined any visual configuration. and if i try to generate the pipeline script jenkins gives me another error: no public field ‘failAllAlerts’ (or getter method) found in class com.vrondakis.zap.workflow.ArchiveZapStep
Then I have tried to add steps manually adding the different parameters needed by the methods but I dont know what values are needed to configure the paremeters or the order of the methods I need to use to scan a web site in a pipeline. i have searched for some example but I havent had luck with this plugin. i have tried IA too :slight_smile: but not luck neither. if you have some example of a pipeline using this method i will be glad if you could share it with me. If you dont have dont worry, i am so happy with your help. All the best,