Add a flag so that we can get the full report with request / response bodey / headers

[bhecquet]

What feature do you want to see added?

For now, when looking at the (nice) zap pipeline report, it may be difficult to analyze what happens and reproduce the problem because headers and bodies are not available.

I would like the report to give these information

Upstream changes

No response

[shardy-lbar]

The raw json and xml reports are direct from the Report API on zap (https://www.zaproxy.org/docs/api/#coreotherjsonreport).

These reports only include the following details on each alert instance, which we also display in the UX report:

• uri
• method
• param
• evidence
• attack

The API docs for Zap are not the easiest to read, especially as they are lacking the schema for the response from each API.

If you (or others) are aware of any API on Zap that can fetch further details on the incidents (to the degree that you require) we could then look to use them to augment the existing json/xml/UX reports.

Otherwise it may be a while before I get enough free time to manually experiment with all the zap APIs in order to find this information.