Merge pull request #2026 from ricekot/docker/ssp

Update DockerHub image links
zaproxy · Aug 2, 2023 · 71d3480 · 71d3480
2 parents 4e5d85b + 1879e22
commit 71d3480
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 26 deletions.
diff --git a/site/content/docs/docker/about.md b/site/content/docs/docker/about.md
@@ -9,6 +9,9 @@ type: docker
 # Introduction
 Docker image with Zed Attack Proxy preinstalled.
 
+Please note that ZAP Docker images are available on Docker Hub as well as GitHub Container Registry (GHCR).
+While the `docker run` commands on this page use the Docker Hub images, either can be used interchangeably.
+
 # Details
 
 ## Install Instructions
@@ -21,8 +24,8 @@ The monthly updates pull in the latest base Docker image and also any updated ZA
 changes are included.
 
 ```bash
-docker pull owasp/zap2docker-stable
 docker pull ghcr.io/zaproxy/zaproxy:stable
+docker pull softwaresecurityproject/zap-stable
 ```
 
 #### Weekly
@@ -31,8 +34,8 @@ The weekly image is typically updated every Monday, and includes the very latest
 core and add-ons. It is the same as the [Cross Platform Weekly Release](/download/#weekly).
 
 ```bash
-docker pull owasp/zap2docker-weekly
 docker pull ghcr.io/zaproxy/zaproxy:weekly
+docker pull softwaresecurityproject/zap-weekly
 ```
 
 #### Nightly
@@ -41,8 +44,8 @@ The nightly image is updated at least once a day, and includes the very latest c
 core and add-ons.
 
 ```bash
-docker pull owasp/zap2docker-live
 docker pull ghcr.io/zaproxy/zaproxy:nightly
+docker pull softwaresecurityproject/zap-nightly
 ```
 
 #### Bare
@@ -51,8 +54,8 @@ The bare image is a very small Docker image and contains only the necessary requ
 It is updated on the same schedule as the stable image.
 
 ```bash
-docker pull owasp/zap2docker-bare
 docker pull ghcr.io/zaproxy/zaproxy:bare
+docker pull softwaresecurityproject/zap-bare
 ```
 The Dockerfiles can be found [here](https://github.com/zaproxy/zaproxy/tree/main/docker).
 
@@ -94,27 +97,27 @@ For more details see the blog posts:
 These GitHub actions are a simple way to run the packaged scans, especially if you already use GitHub.
 
 ### Automation Framework
-The [AutomationFramework](/docs/automate/automation-framework/) allows you to control ZAP via a single YAML file.
+The [Automation Framework](/docs/automate/automation-framework/) allows you to control ZAP via a single YAML file.
 It is under active development and will in time exceed the capabilities of the packaged scans and become the recommended option
 for people who want more control over ZAP. The packaged scans will not be removed but are being migrated to use the Automation Framework.
 
 You can run the Automation Framework in docker using the zap.yaml file in the current directory using:
 
 ```bash
-docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml
+docker run -v $(pwd):/zap/wrk/:rw -t softwaresecurityproject/zap-stable zap.sh -cmd -autorun /zap/wrk/zap.yaml
 ```
 Note that `$(pwd)` is only supported on Linux and MacOS - on Windows you will need to replace this with the full current working directory (ex: `C:\your\working\directory\`).
 
 If you want to make sure that ZAP is up to date before running the yaml file then the recommended approach is:
 
 ```bash
-docker run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-stable bash -c "zap.sh -cmd -addonupdate; zap.sh -cmd -autorun /zap/wrk/zap.yaml"
+docker run -v $(pwd):/zap/wrk/:rw -t softwaresecurityproject/zap-stable bash -c "zap.sh -cmd -addonupdate; zap.sh -cmd -autorun /zap/wrk/zap.yaml"
 ```
 
 The latest version of the Automation Framework will set the ZAP exit value based on the result of the plan, in order to have access to this you need to use a command like:
 
 ```bash
-docker container run -v $(pwd):/zap/wrk/:rw -t owasp/zap2docker-weekly zap.sh -cmd -autorun /zap/wrk/zap.yaml
+docker container run -v $(pwd):/zap/wrk/:rw -t softwaresecurityproject/zap-weekly zap.sh -cmd -autorun /zap/wrk/zap.yaml
 ```
 
 ### ZAP GUI in a Browser
@@ -124,15 +127,15 @@ See the [Webswing](../webswing/) page for details.
 ### ZAP Headless
 You can also start the ZAP in headless mode with following command:
 ```bash
-docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=<api-key>
+docker run -u zap -p 8080:8080 -i softwaresecurityproject/zap-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.key=<api-key>
 ```
 <sub>**Note**: `-config api.addrs.addr.name=.*` opens the API up for connections from any other host, it is prudent to configure this more specifically for your network/setup.</sub>
 
 ### ZAP Headless with xvfb
 You can start the ZAP in headless mode with xvfb following command:
 
 ```bash
-docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap-x.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
+docker run -u zap -p 8080:8080 -i softwaresecurityproject/zap-stable zap-x.sh -daemon -host 0.0.0.0 -port 8080 -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true
 ```
 <sub>**Note**: `-config api.addrs.addr.name=.*` opens the API up for connections from any other host, it is prudent to configure this more specifically for your network/setup.</sub>
 
@@ -146,7 +149,7 @@ Docker appears to assign 'random' IP addresses, so an approach that appears to w
 Run ZAP as a daemon listening on "0.0.0.0":
 
 ```bash
-docker run -p 8090:8090 -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -host 0.0.0.0
+docker run -p 8090:8090 -i softwaresecurityproject/zap-stable zap.sh -daemon -port 8090 -host 0.0.0.0
 ```
 Find out the container id:
 ```bash
@@ -172,7 +175,7 @@ $(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1)
 ```
 For example:
 ```bash
-docker run -t owasp/zap2docker-weekly zap-baseline.py -t http://$(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1):10080
+docker run -t softwaresecurityproject/zap-weekly zap-baseline.py -t http://$(ip -f inet -o addr show docker0 | awk '{print $4}' | cut -d '/' -f 1):10080
 ```
 
 ### Scanning an app running in another Docker container

diff --git a/site/data/download/d_docker.yml b/site/data/download/d_docker.yml
@@ -1,40 +1,44 @@
 title: Docker
 table:
   - name: Stable
-    id: dc-s
     notes: The standard release
-    cmd: docker pull owasp/zap2docker-stable
-    link: https://hub.docker.com/r/owasp/zap2docker-stable/
     ghcr:
       id: docker-ghcr-stable
       cmd: docker pull ghcr.io/zaproxy/zaproxy:stable
       link: https://github.com/zaproxy/zaproxy/pkgs/container/zaproxy/versions?filters[version_type]=tagged
+    ssp:
+      id: docker-ssp-stable
+      cmd: docker pull softwaresecurityproject/zap-stable
+      link: https://hub.docker.com/r/softwaresecurityproject/zap-stable
   - name: Bare
-    id: dc-b
     notes: Minimal release, ideal for CI
-    cmd: docker pull owasp/zap2docker-bare
-    link: https://hub.docker.com/r/owasp/zap2docker-bare/
     ghcr:
       id: docker-ghcr-bare
       cmd: docker pull ghcr.io/zaproxy/zaproxy:bare
       link: https://github.com/zaproxy/zaproxy/pkgs/container/zaproxy/versions?filters[version_type]=tagged
+    ssp:
+      id: docker-ssp-bare
+      cmd: docker pull softwaresecurityproject/zap-bare
+      link: https://hub.docker.com/r/softwaresecurityproject/zap-bare
   - name: Weekly
-    id: dc-w
     notes: Updated every week
-    cmd: docker pull owasp/zap2docker-weekly
-    link: https://hub.docker.com/r/owasp/zap2docker-weekly/
     ghcr:
       id: docker-ghcr-weekly
       cmd: docker pull ghcr.io/zaproxy/zaproxy:weekly
       link: https://github.com/zaproxy/zaproxy/pkgs/container/zaproxy/versions?filters[version_type]=tagged
+    ssp:
+      id: docker-ssp-weekly
+      cmd: docker pull softwaresecurityproject/zap-weekly
+      link: https://hub.docker.com/r/softwaresecurityproject/zap-weekly
   - name: Nightly
-    id: dc-n
     notes: The very latest source code
-    cmd: docker pull owasp/zap2docker-live
-    link: https://hub.docker.com/r/owasp/zap2docker-live/
     ghcr:
       id: docker-ghcr-nightly
       cmd: docker pull ghcr.io/zaproxy/zaproxy:nightly
       link: https://github.com/zaproxy/zaproxy/pkgs/container/zaproxy/versions?filters[version_type]=tagged
+    ssp:
+      id: docker-ssp-nightly
+      cmd: docker pull softwaresecurityproject/zap-nightly
+      link: https://hub.docker.com/r/softwaresecurityproject/zap-nightly
 info:
 - See [Docker](/docs/docker/) for more information.
diff --git a/site/layouts/page/download.html b/site/layouts/page/download.html
@@ -91,10 +91,10 @@ <h3 id="docker">{{ .title }}</h3>
                   <tr>
                     <td>{{ .name }}</td>
                     <td>{{ .notes }}</td>
-                    <td><code>{{ .cmd }}</code><br><code>{{ .ghcr.cmd }}</code></td>
+                    <td><code>{{ .ghcr.cmd }}</code><br><code>{{ .ssp.cmd }}</code></td>
                     <td>
-                      <a track-event="download.core.{{ .id }}" href="{{ .link }}" class="button button--orange">Docker Hub Page</a>
                       <a track-event="download.core.{{ .ghcr.id }}" href="{{ .ghcr.link }}" class="button button--orange">GHCR Page</a>
+                      <a track-event="download.core.{{ .ssp.id }}" href="{{ .ssp.link }}" class="button button--orange">Docker Hub Page</a>
                     </td>
                   </tr>
                 {{ end }}