I have an automated penetration test using the REST API of ZAP proxy, as below.
@Test
public void apiPenetrationTest() {
    // call /JSON/context/action/newContext/
    // call /JSON/context/action/includeInContext/
    // call /JSON/ascan/action/scan/
}
I set api.disablekey=true, so I don't need an authentication token in order to communicate with ZAP, and this test works well on my local machine.
However, when I run the test in Jenkins, I get a 400 while calling /JSON/ascan/action/scan/, as the logs below show:
17:20:20 Request URI: http://zap/JSON/ascan/action/scan/?contextId=1
17:20:20 Proxy: http://zap-proxy-host:80
17:20:20 Request params: contextId=1
17:20:20 Query params: <none>
17:20:20 Form params: <none>
17:20:20 Path params: <none>
17:20:20 Headers: Accept=*/*
17:20:20 Content-Type=application/json
17:20:20 Cookies: <none>
17:20:20 Multiparts: <none>
17:20:20 Body: <none>
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.BasicClientConnectionManager:161 - Get connection for route {}->http://172.20.28.200:80->http://zap:80
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.DefaultClientConnectionOperator:177 - Connecting to 172.20.28.200:80
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.client.protocol.RequestAddCookies:123 - CookieSpec selected: ignoreCookies
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.client.protocol.RequestAuthCache:77 - Auth cache not set in the context
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.client.protocol.RequestTargetAuthentication:80 - Target auth state: UNCHALLENGED
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.client.protocol.RequestProxyAuthentication:89 - Proxy auth state: UNCHALLENGED
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.client.DefaultHttpClient:677 - Attempt 1 to execute request
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.DefaultClientConnection:274 - Sending request: GET http://zap/JSON/ascan/action/scan/?contextId=1 HTTP/1.1
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.DefaultClientConnection:259 - Receiving response: HTTP/1.1 400 Bad Request
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.client.DefaultHttpClient:504 - Connection can be kept alive indefinitely
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 io.restassured.internal.RestAssuredHttpBuilder:553 - Parsing response as: application/json; charset=UTF-8
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 io.restassured.internal.RestAssuredHttpBuilder:556 - Parsed data to instance of: class org.apache.http.conn.EofSensorInputStream
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.BasicClientConnectionManager:200 - Releasing connection org.apache.http.impl.conn.ManagedClientConnectionImpl@620fc32a
17:20:20 2024-05-24 15:20:20 DEBUG Thread-17 org.apache.http.impl.conn.BasicClientConnectionManager:225 - Connection can be kept alive indefinitely
17:20:20 2024-05-24 15:20:20 INFO Thread-17 de.vwag.fda.api.utils.CustomRequestFilter:35 - ====={ "method": "GET" , "path": "/JSON/ascan/action/scan/" , "statusCode": 400 }
17:20:20 HTTP/1.1 400 Bad Request
17:20:20 pragma: no-cache
17:20:20 cache-control: no-cache, no-store, must-revalidate
17:20:20 content-security-policy: default-src 'none'; script-src 'self'; connect-src 'self'; child-src 'self'; img-src 'self' data:; font-src 'self' data:; style-src 'self'
17:20:20 referrer-policy: no-referrer
17:20:20 access-control-allow-methods: GET,POST,OPTIONS
17:20:20 access-control-allow-headers: ZAP-Header
17:20:20 x-frame-options: DENY
17:20:20 x-xss-protection: 1; mode=block
17:20:20 x-content-type-options: nosniff
17:20:20 x-clacks-overhead: GNU Terry Pratchett
17:20:20 content-length: 58
17:20:20 content-type: application/json; charset=UTF-8
17:20:20 date: Fri, 24 May 2024 15:20:19 GMT
17:20:20
17:20:20 {
17:20:20 "code": "missing_parameter",
17:20:20 "message": "Missing Parameter"
17:20:20 }
Please note that I didn't use any special plugin to run ZAP in Jenkins; it is just set up as an independent service in my k8s cluster.
My question is: if I really missed a parameter, then why does it work well on my local machine?
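As an added example (not code from the question, and not ZAP's own client), here is the same three-step flow written as a small Python client whose error handling turns ZAP's JSON error envelope ({"code": ..., "message": ...}) into an exception that names the endpoint and the exact parameters that were sent, so a CI failure like the 400 above is self-describing. It assumes the ZAP API parameter names contextName, regex, url, contextId and recurse, the response keys contextId and scan, and the X-ZAP-API-Key header, all to be checked against the API reference of the ZAP version in use. The transport is injectable; the fake transport is constructed to replay the 400 from the question so the block runs offline.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class ZapApiError(Exception):
    """Raised when ZAP answers with a non-200 status or an error envelope."""

    def __init__(self, path, params, status, code, message):
        super().__init__(f"{path} {params} -> HTTP {status} {code}: {message}")
        self.path, self.params, self.status = path, params, status
        self.code, self.message = code, message


def http_transport(base_url, api_key=None, timeout=30):
    """Real transport: GET base_url + path with URL-encoded params.

    Sends the key in X-ZAP-API-Key when given (preferable to api.disablekey=true on a
    ZAP instance shared inside a cluster). urlopen raises on 4xx/5xx, so the body is
    read from the HTTPError to keep ZAP's JSON error envelope.
    """

    def send(path, params):
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={"Accept": "application/json"})
        if api_key:
            req.add_header("X-ZAP-API-Key", api_key)
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.status, resp.read().decode("utf-8")
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode("utf-8")

    return send


class ZapClient:
    def __init__(self, send):
        self._send = send  # callable(path, params) -> (status, body_text)

    def action(self, component, name, **params):
        path = f"/JSON/{component}/action/{name}/"
        sent = {k: v for k, v in params.items() if v is not None}  # drop unset params
        status, body = self._send(path, sent)
        try:
            data = json.loads(body)
        except ValueError:
            raise ZapApiError(path, sent, status, "non_json", body[:200]) from None
        # ZAP signals API errors with a {"code": ..., "message": ...} object.
        if status != 200 or "code" in data:
            raise ZapApiError(path, sent, status, data.get("code", "unknown"), data.get("message", ""))
        return data

    def new_context(self, context_name):
        return self.action("context", "newContext", contextName=context_name)["contextId"]

    def include_in_context(self, context_name, regex):
        return self.action("context", "includeInContext", contextName=context_name, regex=regex)

    def start_active_scan(self, url=None, context_id=None, recurse=None):
        # Both url and contextId are explicit here; None values are dropped before sending.
        return self.action("ascan", "scan", url=url, contextId=context_id, recurse=recurse)["scan"]


# Constructed fake transport (not a real ZAP): answers newContext and includeInContext
# like a healthy ZAP and replays the question's 400 body for ascan/scan. It records
# every request so the caller can see exactly what was sent.
SCAN_400_BODY = '{\n  "code": "missing_parameter",\n  "message": "Missing Parameter"\n}'


class FakeZapTransport:
    def __init__(self):
        self.requests = []

    def __call__(self, path, params):
        self.requests.append((path, dict(params)))
        if path == "/JSON/context/action/newContext/":
            return 200, '{"contextId":"1"}'
        if path == "/JSON/context/action/includeInContext/":
            return 200, '{"Result":"OK"}'
        if path == "/JSON/ascan/action/scan/":
            return 400, SCAN_400_BODY
        return 404, '{"code":"bad_action","message":"Bad Action"}'


def run_pentest_flow(client, context_name, target_regex, context_url=None):
    """The three steps of the Java test; returns the scan id or raises ZapApiError."""
    context_id = client.new_context(context_name)
    client.include_in_context(context_name, target_regex)
    return client.start_active_scan(url=context_url, context_id=context_id)


def reproduce_question():
    """Replays the failing call from the question; returns (error, requests sent)."""
    fake = FakeZapTransport()
    client = ZapClient(fake)
    try:
        run_pentest_flow(client, "api-ctx", "https://target.example/api/.*")
    except ZapApiError as err:
        return err, fake.requests
    return None, fake.requests


if __name__ == "__main__":
    # Swap FakeZapTransport for http_transport("http://zap:8080", api_key="...") to hit a real ZAP.
    err, sent = reproduce_question()
    for path, params in sent:
        print("sent", path, params)
    print("failure:", err)
```

Against a real instance, replace the fake with http_transport and keep an API key rather than api.disablekey=true; the exception message then tells you which call failed and with which parameters, which is the first thing to compare between the local run and the Jenkins run.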