Set up passive ZAP scanning on TeamCity
- The configuration on TC is created.
- The infrastructure for ZAP is created and confirmed to be stable. Active ZAP scanning could easily be implemented on top of this infrastructure.
- The TC configuration is set up to run weekly.
- The TC configuration is always green, provides a quick summary in the status, and generates the full report with the issues.
- Once the security issues are fixed, the configuration can be set up to fail if any errors are found.
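
One way to implement the reporting behaviour in the last two items, as an added example (not part of the original task or any project's own code): it assumes the scan wrote ZAP's traditional JSON report and turns it into TeamCity service messages. The sample report, the function names and the fail_on parameter are constructed for illustration.

```python
import json

# Constructed sample in the shape of ZAP's traditional JSON report (not real scan output).
SAMPLE_REPORT = json.dumps({"site": [{"@name": "https://app.example.test", "alerts": [
    {"name": "Content Security Policy (CSP) Header Not Set", "riskcode": "2", "count": "4"},
    {"name": "Cookie Without Secure Flag", "riskcode": "1", "count": "2"},
    {"name": "Information Disclosure - Suspicious Comments", "riskcode": "0", "count": "7"},
]}]})

RISK_NAMES = {3: "High", 2: "Medium", 1: "Low", 0: "Info"}

def tc_escape(text):
    """Escape a value for use inside a TeamCity service message attribute."""
    for raw, esc in (("|", "||"), ("'", "|'"), ("\n", "|n"), ("\r", "|r"), ("[", "|["), ("]", "|]")):
        text = text.replace(raw, esc)
    return text

def count_alerts(report_json):
    """Count alert types per risk level across every site in the report."""
    counts = {level: 0 for level in RISK_NAMES}
    sites = json.loads(report_json).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site object instead of a list
        sites = [sites]
    for site in sites:
        for alert in site.get("alerts", []):
            level = int(alert.get("riskcode", 0))
            counts[level] = counts.get(level, 0) + 1
    return counts

def service_messages(report_json, fail_on=None):
    """fail_on=None keeps the build green; fail_on=2 fails it on Medium or High alerts."""
    counts = count_alerts(report_json)
    summary = "ZAP passive scan: " + ", ".join(
        f"{RISK_NAMES[level]} {counts[level]}" for level in sorted(RISK_NAMES, reverse=True))
    # buildStatus with only a text attribute changes the status line, not the outcome.
    messages = [f"##teamcity[buildStatus text='{tc_escape(summary)}']"]
    if fail_on is not None:
        blocking = sum(n for level, n in counts.items() if level >= fail_on)
        if blocking:
            problem = f"ZAP: {blocking} alert type(s) at or above {RISK_NAMES[fail_on]}"
            messages.append(f"##teamcity[buildProblem description='{tc_escape(problem)}']")
    return messages

if __name__ == "__main__":
    print("\n".join(service_messages(SAMPLE_REPORT)))
```

Run it as a build step after the scan and print the returned lines to standard output, where TeamCity picks them up; the full ZAP report can be published separately as a build artifact.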