From f90f32f032d5e40f2de99eb5f99c9ed654f32cee Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Tue, 23 Aug 2022 16:59:39 -0400 Subject: [PATCH] Document how to run the owasp scan locally --- README.md | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d93cfd0e9..564e6346f 100644 --- a/README.md +++ b/README.md @@ -24,7 +24,7 @@ Create the external docker network: `docker network create notify-network` Using the command palette (shift+cmd+p), search and select “Remote Containers: Open Folder in Container...” -When prompted, choose **devcontainer-api** folder (note: this is a *subfolder* of notification-api). This will startup the container in a new window (replacing the current one). +When prompted, choose **devcontainer-api** folder (note: this is a *subfolder* of notification-api). This will startup the container in a new window (replacing the current one). After this page loads, hit "show logs” in bottom-right. The first time this runs it will need to build the Docker image, which will likely take several minutes. @@ -39,7 +39,7 @@ Open another terminal and run the background tasks: ### `.env` file -Create and edit a .env file, based on sample.env. +Create and edit a .env file, based on sample.env. NOTE: when you change .env in the future, you'll need to rebuild the devcontainer for the change to take effect. Vscode _should_ detect the change and prompt you with a toast notification during a cached build. If not, you can find a manual rebuild in command pallette or just `docker rm` the notifications-api container. 
@@ -109,10 +109,19 @@ make bootstrap make test ``` +## To run a local OWASP scan + +1. Run `make run-flask` from within the dev container. +2. On your host machine run: + +``` +docker run -v $(pwd):/zap/wrk/:rw --network="notify-network" -t owasp/zap2docker-weekly zap-api-scan.py -t http://dev:6011/_status -f openapi -c zap.conf +``` + ## To run scheduled tasks ``` -# After scheduling some tasks, open a third terminal in your running devcontainer and run celery beat +# After scheduling some tasks, open a third terminal in your running devcontainer and run celery beat make run-celery-beat ```
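Review bot: The first hunk (the "When prompted, choose **devcontainer-api** folder" line at @@ -24,7) shows no visible text change, so it looks like a trailing-whitespace edit that is unrelated to the stated subject "Document how to run the owasp scan locally"; either drop it from this patch or mention the whitespace cleanup in the commit message so reviewers do not have to diff the lines character by character. If the line is being touched anyway, "This will startup the container" should read "This will start up the container".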
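Review bot: The second hunk (@@ -39,7, the "Create and edit a .env file, based on sample.env." line) is also a whitespace-only change with no visible wording difference, so the same applies: keep it out of a documentation commit or call it out as cleanup. The adjacent context line contains the misspelling "command pallette" (should be "command palette"); since this hunk already touches the section, fixing that would be a natural addition.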
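Review bot: The new "To run a local OWASP scan" section (@@ -109,10) omits information the reader needs to run the command successfully. The `docker run` line mounts `$(pwd)` read-write into the ZAP container and passes `-c zap.conf`, but the text never says which directory to run it from or that `zap.conf` has to exist there, so step 2 should name the directory (presumably the repository root) and note that the scan writes its output files into that mounted directory. Likewise the target `http://dev:6011/_status` depends on the devcontainer being reachable as `dev` on `notify-network`; a sentence stating that, and what to check if the hostname does not resolve, would save time. Two further points: with `-f openapi`, `zap-api-scan.py` expects `-t` to point at the OpenAPI definition, so please confirm that `/_status` actually serves the API spec rather than a health check, and consider pinning the `owasp/zap2docker-weekly` image to a specific tag so results are reproducible between runs. Finally, the `# After scheduling some tasks, ...` context line in this hunk is another whitespace-only change that should be dropped or mentioned.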