From 892061a4abffe804c0674a832cffe71af433a9d3 Mon Sep 17 00:00:00 2001 From: Ernst Noorlander Date: Tue, 2 Apr 2024 13:07:49 +0200 Subject: [PATCH] Added notification of archiving (in progress) --- README.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ae9f008..975da75 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,23 @@ -# Automatic Authentication for OWASP ZAP Docker +## 🚨 Repository will be archived🚨 + +At April 2nd 2024, this repository is marked as "WILL BE ARCHIVED". It will be archived in the coming months and will no longer be maintained anymore. + +## Why will this repository be archived? + +The purpose of this project was to add the option for authenticated scans mainly (and also to add Blind XSS payloads as a bonus). Meanwhile, ZAP supports this out-of-the-box. Besides that, ZAP is in the process of being updated to use Automation Framework for most of the tasks which changes the way scans are performed. + +## What should I do if I'm currently still using zap2docker-weekly? + +It's advisable to plan a migration where zap2docker-weekly will be phased out. It's advisable to use ZAP's Automation Framework in the latest version of ZAP to create an Automation Plan and test and use this plan both manually as well as in your CI/CD pipeline. If you have questions about this migration, please see "Get in touch" below, we would like to help! More details about migration will be shared on this page when archiving will be finalized. + +## What if I don't migrate? + +Probably, you will not notice. But it's very important to note that the base image where zap2docker-weekly is based on will NOT be maintained anymore since March 2024. So the reports being generated by zap2docker-weekly might not be accurate since that date and future changes to the way ZAP works (and vulnerabilities are being scanned an reported) might be missed. So it's NOT advisable + +It is (only) a set of scripts to start several open source security tools but since some of them are deprecated or changed and all information in this repository is also available in documentation of the specific tools, there's no reason to keep it alive. + +# Automatic Authentication for OWASP ZAP Docker [WILL BE ARCHIVED] + This project adds support to perform authenticated scans using the OWASP ZAP Docker [scanscripts](https://www.zaproxy.org/docs/docker/). These main features are available: - Automatically or manually filling and completing loginforms.