I am new to OWASP ZAP. I have the ZAP Desktop setup done, where I inject the web application host with port, and it takes about 5-6 minutes to complete the spider scan. When I look at the Alerts section, I see one Medium alert and a lot of Low alerts.
However, I tried integrating ZAP with Jenkins, and I see the job completes within a few seconds, and the alerts in the report it provides do not match the OWASP ZAP alerts data.
I see one Medium alert in OWASP ZAP Desktop, whereas I do not see any Medium alerts in the Jenkins ZAP job report.
Also, the spider scan shows 0% scan progress and does not show the job's completion % status. What am I missing here? Why is it not displaying 100%, and why are not all alerts captured in Jenkins?
I also got the error below in the log.
P.transaction_id};var l=F.CONFIG={maxQueriesToDraw:40,queryCharactersToShow:1640,lockColumnIndex:3,asy"[truncated 12477 chars]; line: 1, column: 4]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1840)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:722)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2868)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1914)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:773)
at com.fasterxml.jackson.databind.ObjectMapper._readTreeAndClose(ObjectMapper.java:4231)
at com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:2711)
at io.swagger.parser.SwaggerCompatConverter.readResourceListing(SwaggerCompatConverter.java:210)
at io.swagger.parser.SwaggerCompatConverter.read(SwaggerCompatConverter.java:123)
at io.swagger.parser.SwaggerCompatConverter.read(SwaggerCompatConverter.java:114)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.convertV1ToV2(SwaggerConverter.java:216)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getOpenAPI(SwaggerConverter.java:197)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.readOpenAPISpec(SwaggerConverter.java:170)
at org.zaproxy.zap.extension.openapi.converter.swagger.SwaggerConverter.getRequestModels(SwaggerConverter.java:157)
at org.zaproxy.zap.extension.openapi.OpenApiSpider.parseResource(OpenApiSpider.java:55)
at org.zaproxy.zap.spider.SpiderTask.processResource(SpiderTask.java:415)
at org.zaproxy.zap.spider.SpiderTask.runImpl(SpiderTask.java:267)
at org.zaproxy.zap.spider.SpiderTask.run(SpiderTask.java:190)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
15578 [ZAP-SpiderThreadPool-0-thread-1] ERROR io.swagger.parser.SwaggerCompatConverter - failed to read resource listing