Bake DAST ZAProxy plugins into the Docker image
Every time DAST runs it downloads ZAProxy plugins. This causes a DAST job to run longer than it ideally would.
Proposal
- Find a way to download the extensions we require when the Docker image is built
- Make sure that extensions we don't use are not installed
Log example
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/alertFilters-release-9.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/hud-beta-0.6.0.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/websocket-release-20.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/webdriverlinux-release-12.zap
org.parosproxy.paros.CommandLine - Downloading add-on from: https://github.com/zaproxy/zap-extensions/releases/download/pscanrulesBeta-v19/pscanrulesBeta-beta-19.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/alertFilters-release-9.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/hud-beta-0.6.0.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/websocket-release-20.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/webdriverlinux-release-12.zap
org.parosproxy.paros.CommandLine - Add-on downloaded to: /root/.ZAP/plugin/pscanrulesBeta-beta-19.zap