I have been trying to setup OWASP ZAP scanner for scanning a rails app through CI.
The thing is I have a specific script I wish to run (because I run specific user tests on ZAP), so I have my docker container which runs zap as a service:
docker run -d --network host --name autozap -u zap -i gmemin/autozap
And then execute the following command in CircleCI:
docker exec -it autozap python3 zapscan.py localhost:3000
This command fails because it can’t reach localhost:3000.
I also checked the ifconfig on the host and docker container and they are in a different network, despite running the docker container with --network host key.
In CircleCI:
- run: ifconfig --> 172.24.0.3 netmask 255.255.0.0
- run: docker exec -it autozap ifconfig --> 172.17.0.1 netmask 255.255.0.0
The rails app is running correctly in the host container, I can curl localhost:3000 and get the expected answer.
The ZAP service is also running correctly in the docker image.
I’ve also tried using the ZAP image as a secondary container in the CircleCI environment, meaning using the - image: gmemin/autozap key but can’t get it to execute the script I need. I have read that CircleCI 2.0 doesn’t have this feature, so that’s why I’m running ZAP as a docker container.
I’ve tried running the docker image with the -P key which exposes all ports, and still no luck.
How can I let the docker container have visibility of the rails app running in localhost:3000 in the host environment?
Now I’m looking into docker-izing the rails app so I can run the docker containers in the same network, is this the only solution to my problem?