Run /usr/bin/docker pull owasp/zap2docker-stable -q /usr/bin/docker pull owasp/zap2docker-stable -q /usr/bin/docker run --network=host -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t owasp/zap2docker-stable zap-api-scan.py -t https://vampi01-docs.blackfox-security.com/openapi3.json -f openapi -J report_json.json -w report_md.md -r report_html.html cp ./report_html.html ./reports/api/report-zap-vampi01-docs.blackfox-security.comopenapi3.json-28-06-2023T08-44-38-UTC-1687941878.html cp ./report_json.json ./reports/api/report-zap-vampi01-docs.blackfox-security.comopenapi3.json-28-06-2023T08-44-38-UTC-1687941878.json shell: /bin/bash -e {0} env: START_DATE: 28-06-2023T08-44-38-UTC START_TIMESTAMP: 1687941878 TARGET: https://vampi01-docs.blackfox-security.com/openapi3.json TARGET_SAFE: vampi01-docs.blackfox-security.comopenapi3.json REPORT_DIR: /home/runner/_work/xxVigilis/reports/api docker.io/owasp/zap2docker-stable:latest 2023-06-28 08:44:40,860 A file based option has been specified but the directory '/zap/wrk' is not mounted Usage: zap-api-scan.py -t -f [options] -t target target API definition, OpenAPI or SOAP, local file or URL, e.g. https://www.example.com/openapi.json or target endpoint URL, GraphQL, e.g. https://www.example.com/graphql -f format openapi, soap, or graphql Options: -h print this help message -c config_file config file to use to INFO, IGNORE or FAIL warnings -u config_url URL of config file to use to INFO, IGNORE or FAIL warnings -g gen_file generate default config file(all rules set to WARN) -r report_html file to write the full ZAP HTML report -w report_md file to write the full ZAP Wiki(Markdown) report -x report_xml file to write the full ZAP XML report -J report_json file to write the full ZAP JSON document -a include the alpha passive scan rules as well -d show debug messages -P specify listen port -D delay in seconds to wait for passive scanning -i default rules not in the config file to INFO -I do not return failure on warning -l level minimum level to show: PASS, IGNORE, INFO, WARN or FAIL, use with -s to hide example URLs -n context_file context file which will be loaded prior to scanning the target -p progress_file progress file which specifies issues that are being addressed -s short output format - dont show PASSes or example URLs -S safe mode this will skip the active scan and perform a baseline scan -T max time in minutes to wait for ZAP to start and the passive scan to run -U user username to use for authenticated scans - must be defined in the given context file -O the hostname to override in the (remote) OpenAPI spec -z zap_options ZAP command line options e.g. -z "-config aaa=bbb -config ccc=ddd" --hook path to python file that define your custom hooks --schema GraphQL schema location, URL or file, e.g. https://www.example.com/schema.graphqls

For more details see https://www.zaproxy.org/docs/docker/api-scan/ Error: Process completed with exit code 3.