我尝试使用此阶段在 Jenkins 中使用完整扫描 Docker 映像生成 ZAP 的 HTML 报告:
stage('OWASP ZAP Full Scan') { steps { script { sh "sudo docker run -v /var/lib/jenkins/workspace/Front:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t http://192.168.56.7:80/ -r testreport.html" } } }它有效,但它没有按预期生成 HTML 报告,并且失败并出现此错误:
ERROR [Errno 13] Permission denied: '/zap/wrk/testreport.html'
2024-04-16 09:30:57,094 I/O error: [Errno 13] Permission denied: '/zap/wrk/testreport.html'
Traceback (most recent call last):
File "/zap/zap-full-scan.py", line 469, in main
write_report(os.path.join(base_dir, report_html), zap.core.htmlreport())
File "/zap/zap_common.py", line 569, in write_report
with open(file_path, mode='wb') as f:
PermissionError: [Errno 13] Permission denied: '/zap/wrk/testreport.html'
Found Java version 11.0.22
Available memory: 8719 MB
Using JVM args: -Xmx2179m
这是您的 Jenkins 代理用户 ID 与容器内的进程不匹配,该进程以 uid 1000 的用户
zapzapsh """
rm -rf /var/lib/jenkins/workspace/Front/report
mkdir -p /var/lib/jenkins/workspace/Front/report
chmod 777 /var/lib/jenkins/workspace/Front/report
sudo docker run -v /var/lib/jenkins/workspace/Front:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t http://192.168.56.7:80/ -r report/testreport.html
"""