Jenkins : zap-plugin How To Session Properties

Session Properties

  1. Context Name
     
    • Provide a unique name for the context.

      Info: Append the Build Variable BUILD_ID to the Context Name to ensure a unique name. e.g.  

      My Context ${BUILD_ID}

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables (cannot be used during pre-build).

      Warning: The context should not exist in the loaded session.

  2. Include in Context
     
    • List of URLs which will be included in the Context unless also excluded.

      Info: Each line is a URL Regex and should be in the form of:
       
      e.g. http://localhost:8180/bodgeit.*
      e.g. \Qhttp://localhost:8180/bodgeit\E.*
      e.g. http://localhost:8180/bodgeit/logout.php
      e.g. \Qhttp://localhost:8180/bodgeit/logout.php\E

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables (cannot be used during pre-build).

  3. Exclude from Context
     
    • List of URLs which will be excluded from the Context.

      Info: Each line is a URL Regex and should be in the form of:
       
      e.g. http://localhost:8180/bodgeit.*
      e.g. \Qhttp://localhost:8180/bodgeit\E.*
      e.g. http://localhost:8180/bodgeit/logout.php
      e.g. \Qhttp://localhost:8180/bodgeit/logout.php\E

      Info: Accepts System Environment Variables, Build Variables as well as Environment Inject Plugin Variables (cannot be used during pre-build).
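      The following is an added example, not part of the plugin's documentation or code, showing how the Include/Exclude lists from steps 2 and 3 combine and why the \Q...\E quoting matters. It assumes ZAP's context semantics (a URL is in the context if it fully matches an include regex and no exclude regex) and translates Java's \Q...\E quoting into an escaped Python pattern, since Python's re module does not support it; the URLs are the page's own examples.

```python
import re
from typing import Iterable, List


def java_regex_to_python(pattern: str) -> str:
    """Translate Java-style \\Q...\\E literal quoting (as used in ZAP context
    regexes) into an equivalent Python pattern by escaping the quoted text."""
    out: List[str] = []
    pos = 0
    while True:
        start = pattern.find(r"\Q", pos)
        if start == -1:
            out.append(pattern[pos:])
            break
        out.append(pattern[pos:start])
        end = pattern.find(r"\E", start + 2)
        # An unterminated \Q quotes everything up to the end of the pattern (Java behaviour).
        literal = pattern[start + 2:] if end == -1 else pattern[start + 2:end]
        out.append(re.escape(literal))
        if end == -1:
            break
        pos = end + 2
    return "".join(out)


def in_context(url: str, include: Iterable[str], exclude: Iterable[str]) -> bool:
    """Assumed ZAP rule: included if the whole URL matches any Include regex
    and does not match any Exclude regex. Blank lines are ignored."""
    inc = [re.compile(java_regex_to_python(p)) for p in include if p.strip()]
    exc = [re.compile(java_regex_to_python(p)) for p in exclude if p.strip()]
    if not any(r.fullmatch(url) for r in inc):
        return False
    return not any(r.fullmatch(url) for r in exc)


# Constructed lists using the examples from the page: scan BodgeIt, but keep
# the logout page out of the context so the authenticated session survives.
INCLUDE = [r"\Qhttp://localhost:8180/bodgeit\E.*"]
EXCLUDE = [r"\Qhttp://localhost:8180/bodgeit/logout.php\E"]

# Unquoted variants: the '.' in 'logout.php' is a regex wildcard here, so the
# exclude also swallows URLs such as /bodgeit/logoutXphp that were not intended.
INCLUDE_UNQUOTED = ["http://localhost:8180/bodgeit.*"]
EXCLUDE_UNQUOTED = ["http://localhost:8180/bodgeit/logout.php"]

if __name__ == "__main__":
    for u in ("http://localhost:8180/bodgeit/login.jsp",
              "http://localhost:8180/bodgeit/logout.php",
              "http://localhost:8180/bodgeit/logoutXphp",
              "http://localhost:8180/other/"):
        print(u, in_context(u, INCLUDE, EXCLUDE), in_context(u, INCLUDE_UNQUOTED, EXCLUDE_UNQUOTED))
```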

  4. Alert Filters – Placeholder for New Feature Addition. (Go to step 5 for now.)

  5. Authentication – ZAP will perform the Attacks (Spider and/or Active Scan) as an authenticated user.
     
    • Form-Based (info): Documentation on how to set up the context to use Form-Based Authentication can be found here.
       
    • Script-Based (info): Documentation on how to set up the context to use Script-Based Authentication can be found here.