rename docker-compose file and add a getting started in the readme

.gitignore

@@ -15,4 +15,5 @@ build/*
 _site/
 *.css
 !petclinic.css
-zap-report/zap-report.html
+
+zap-report/*

readme.md

@@ -1,3 +1,25 @@
+# Getting started
+
+## Running a build pipeline
+
+```
+docker-compose -f docker-compose_spring-petclinic.yml  up -d
+```
+
+Go to the following locations:
+* [petclinic](http://localhost:8080)
+* [jenkins](http://localhost:8081)
+* [sonarqube](http://localhost:9000)
+* [promethius](http://localhost:8080/prometheus)
+* [zap](http://localhost:8080/zap)
+
+
+## Stopping a build pipeline
+```
+docker-compose -f docker-compose_spring-petclinic.yml  down
+```
+
+
 # Setting up Jenkins
 
 ## Steps 1: Set up Jenkins in Docker

zap-report/gen.conf

@@ -1,69 +0,0 @@
-# zap-baseline rule configuration file
-# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
-# Only the rule identifiers are used - the names are just for info
-# You can add your own messages to each rule by appending them after a tab on each line.
-10003	WARN	(Vulnerable JS Library (Powered by Retire.js))
-10009	WARN	(In Page Banner Information Leak)
-10010	WARN	(Cookie No HttpOnly Flag)
-10011	WARN	(Cookie Without Secure Flag)
-10015	WARN	(Re-examine Cache-control Directives)
-10017	WARN	(Cross-Domain JavaScript Source File Inclusion)
-10019	WARN	(Content-Type Header Missing)
-10020	WARN	(Anti-clickjacking Header)
-10021	WARN	(X-Content-Type-Options Header Missing)
-10023	WARN	(Information Disclosure - Debug Error Messages)
-10024	WARN	(Information Disclosure - Sensitive Information in URL)
-10025	WARN	(Information Disclosure - Sensitive Information in HTTP Referrer Header)
-10026	WARN	(HTTP Parameter Override)
-10027	WARN	(Information Disclosure - Suspicious Comments)
-10028	WARN	(Open Redirect)
-10029	WARN	(Cookie Poisoning)
-10030	WARN	(User Controllable Charset)
-10031	WARN	(User Controllable HTML Element Attribute (Potential XSS))
-10032	WARN	(Viewstate)
-10033	WARN	(Directory Browsing)
-10034	WARN	(Heartbleed OpenSSL Vulnerability (Indicative))
-10035	WARN	(Strict-Transport-Security Header)
-10036	WARN	(HTTP Server Response Header)
-10037	WARN	(Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s))
-10038	WARN	(Content Security Policy (CSP) Header Not Set)
-10039	WARN	(X-Backend-Server Header Information Leak)
-10040	WARN	(Secure Pages Include Mixed Content)
-10041	WARN	(HTTP to HTTPS Insecure Transition in Form Post)
-10042	WARN	(HTTPS to HTTP Insecure Transition in Form Post)
-10043	WARN	(User Controllable JavaScript Event (XSS))
-10044	WARN	(Big Redirect Detected (Potential Sensitive Information Leak))
-10049	WARN	(Content Cacheability)
-10050	WARN	(Retrieved from Cache)
-10052	WARN	(X-ChromeLogger-Data (XCOLD) Header Information Leak)
-10054	WARN	(Cookie without SameSite Attribute)
-10055	WARN	(CSP)
-10056	WARN	(X-Debug-Token Information Leak)
-10057	WARN	(Username Hash Found)
-10061	WARN	(X-AspNet-Version Response Header)
-10062	WARN	(PII Disclosure)
-10063	WARN	(Permissions Policy Header Not Set)
-10096	WARN	(Timestamp Disclosure)
-10097	WARN	(Hash Disclosure)
-10098	WARN	(Cross-Domain Misconfiguration)
-10099	WARN	(Source Code Disclosure)
-10105	WARN	(Weak Authentication Method)
-10108	WARN	(Reverse Tabnabbing)
-10109	WARN	(Modern Web Application)
-10110	WARN	(Dangerous JS Functions)
-10111	WARN	(Authentication Request Identified)
-10112	WARN	(Session Management Response Identified)
-10113	WARN	(Verification Request Identified)
-10115	WARN	(Script Served From Malicious Domain (polyfill))
-10202	WARN	(Absence of Anti-CSRF Tokens)
-2	WARN	(Private IP Disclosure)
-3	WARN	(Session ID in URL Rewrite)
-50001	WARN	(Script Passive Scan Rules)
-90001	WARN	(Insecure JSF ViewState)
-90002	WARN	(Java Serialization Object)
-90003	WARN	(Sub Resource Integrity Attribute Missing)
-90004	WARN	(Insufficient Site Isolation Against Spectre Vulnerability)
-90011	WARN	(Charset Mismatch)
-90022	WARN	(Application Error Disclosure)
-90030	WARN	(WSDL File Detection)
-90033	WARN	(Loosely Scoped Cookie)