Sending Results to Software Risk Manager

The OWASP ZAP plugin can generate a compatible XML file which can be uploaded manually, or it can upload a report directly to Software Risk Manager.

To upload a report to Software Risk Manager, select the Code Dx: Upload Report option from the Report menu.

You will be prompted for the Server URL, API Key and Project. Your settings will be remembered between sessions and are stored in the codedx.properties file located in the OWASP ZAP folder in your user directory.

After entering the Server URL and API Key, click the Refresh button to populate the Project dropdown.

If you receive a warning regarding an invalid certificate, you will be prompted to Reject, Accept Temporarily, or Accept Permanently. Accepting temporarily will remember the exception until the session ends. Accepting permanently will create a .usertrust directory containing the truststore information. On Windows this will be in your appdata directory, on Mac it will be in the Application Support folder, and on Linux it will be in the home directory.

You will receive a message indicating whether or not the action was successful.

You can generate an XML file for use with Software Risk Manager by selecting the Code Dx: Generate XML Report option from the Report menu.