CSEDevOps
Only arm64 images available
Using Microsoft Hosted Azure agent ubuntu-latest getting following error:
Status: Downloaded newer image for owasp/zap2docker-stable:latest
WARNING: The requested image's platform (linux/arm64) does not match the detected host platform (linux/amd64/v4) and no specific platform was requested
exec /zap/zap-full-scan.py: exec format error
When I go to https://hub.docker.com/r/owasp/zap2docker-stable/tags?page=&page_size=&name=&ordering=last_updated I see only arm64 images. Did they stop building amd64 images? I have many, many pipelines that use the scanner and this will be close to breaking lots o' things.
edit: I did find that there is an owasp/zap2docker-bare that is an amd64 image, and I tried to pin the image using inputs: version: "owasp/zap2docker-bare:latest" in the task inputs, but it still grabbed the arm64 version (stable-latest). Is there a way to specify which image to download/use in the task?
pipeline code:
- task: owaspzap@1
  displayName: 'ZAP Scanner'
  continueOnError: true
  inputs:
    aggressivemode: ${{ parameters.agressiveMode }}
    threshold: ${{ parameters.threshold }}
    scantype: targetedScan
    url: ${{ parameters.url }}
    port: 443
Thank you in advance for any help!
There is no way to specify the image to use :-(
And ZAP announced that they were moving away from the OWASP organization, and the official ZAP Docker images are now published to the Software Security Project Docker Hub Organisation.
Can we expect an update of the very useful DevOps task?
Or do we need to plan and move to something else?
See also https://github.com/zaproxy/zaproxy/issues/8440
Here's my work-around/replacement, bash to the rescue as always, hope someone finds it useful...
Test owasp task replacement
jobs:
- job: Build_Run_ZAP_Container
  displayName: 'Install and Run ZAP'
  pool:
    vmImage: 'ubuntu-latest'
  steps:
  #- checkout: none
  - task: bash@3
    displayName: 'Run ZAP'
    inputs:
      targetType: 'inline'
      script: |
        echo "#### Get the latest ZAP docker image ####"
        echo "############################################"
        docker pull softwaresecurityproject/zap-stable:latest
        echo "##### Set up some stuff #######"
        echo "###############################"
        /usr/bin/id -u root
        /usr/bin/mkdir -v -p /home/vsts/work/1/s/zap
        /usr/bin/chmod 777 /home/vsts/work/1/s/zap
        echo "Check whats in the dir tree"
        echo "###############################"
        pwd
        ls -ahl /home/vsts/work/1/s
        echo "####### RUN The SCAN #######"
        /usr/bin/docker --debug run -u 0 -v /home/vsts/work/1/s/zap:/zap/wrk/:rw softwaresecurityproject/zap-stable zap-full-scan.py -t https://dev-some-websiteapp1.azurewebsites.net:443 -J report.json -r report.html
Would be easier to have the task giving the possibility to specify which image to use...
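A pre-flight check for the failure in the original report (an arm64 image pulled onto an amd64 agent), as an added example that is not part of any post in this thread or of the CSEDevOps task. It compares the pulled image's platform with the agent's before the scan starts; the function names are hypothetical, and it assumes a Linux agent with the docker CLI.

```shell
#!/usr/bin/env bash
# Added example: fail the pipeline step early when a pulled image does not
# match the agent's CPU architecture, instead of hitting "exec format error".
# Function names are hypothetical; a Linux host is assumed.

# Map `uname -m` output to the architecture name Docker reports.
to_docker_arch() {
  case "$1" in
    x86_64|amd64)  echo "amd64" ;;
    aarch64|arm64) echo "arm64" ;;
    armv7l)        echo "arm" ;;
    *)             echo "$1" ;;
  esac
}

# Print os/arch of a locally pulled image, e.g. linux/arm64.
image_platform() {
  docker image inspect --format '{{.Os}}/{{.Architecture}}' "$1"
}

# check_image_platform IMAGE [HOST_MACHINE]
# HOST_MACHINE defaults to `uname -m`.
# Returns 0 on match, 1 on mismatch, 2 when the image cannot be inspected.
check_image_platform() {
  local image="$1" host_arch img_plat
  host_arch="$(to_docker_arch "${2:-$(uname -m)}")"
  img_plat="$(image_platform "$image")" || {
    echo "cannot inspect image $image (was it pulled?)" >&2
    return 2
  }
  if [ "$img_plat" != "linux/$host_arch" ]; then
    # Azure Pipelines logging command: surfaces the message as a task error.
    echo "##vso[task.logissue type=error]$image is $img_plat, agent is linux/$host_arch"
    return 1
  fi
  echo "$image platform $img_plat matches agent linux/$host_arch"
}

# In the inline script, after `docker pull` and before `docker run`:
#   check_image_platform softwaresecurityproject/zap-stable:latest || exit 1
```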