DAST - Zed Attack Proxy (ZAP) Full Scan #48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://www.zaproxy.org/ | |
| # https://www.zaproxy.org/docs/ | |
| # https://github.com/zaproxy/ | |
| # https://www.zaproxy.org/docs/automate/ | |
| # https://github.com/zaproxy/action-full-scan | |
| name: DAST - Zed Attack Proxy (ZAP) Full Scan | |
| on: | |
| push: | |
| branches: [main] | |
| schedule: | |
| - cron: 0 1 * * 0 | |
| env: | |
| ZAP_TARGET: "https://app-juice-shop.azurewebsites.net" # Change this to your target URL | |
| buildAndStart: "false" # Change to "true" to build and start the application if not running | |
| imageName: "webapp01" | |
| tag: ${{ github.sha }} | |
| HOST_PORT: "8080" | |
| CONTAINER_PORT: "8000" | |
| permissions: | |
| contents: read | |
| security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | |
| #issues: write # to create issues for alerts | |
| jobs: | |
| zap_scan: | |
| name: ZAP Full Scan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # build and start your application here | |
| # conditionally run the build step | |
| # assuming the application is a Docker container | |
| - name: Check if application is running, if not, build and start it | |
| if: env.buildAndStart == 'true' | |
| run: | | |
| if ! curl -s --head --request GET ${{ env.ZAP_TARGET }} | grep "200 OK" > /dev/null; then | |
| echo "Application is not running. Building and starting the application..." | |
| docker build ./src/webapp01 --file ./src/webapp01/Dockerfile -t ${{ env.imageName }}:${{ env.tag }} | |
| echo "Starting the application..." | |
| docker run -d --rm -p ${{ env.HOST_PORT }}:${{ env.CONTAINER_PORT }} ${{ env.imageName }}:${{ env.tag }} | |
| else | |
| echo "Application is already running." | |
| fi | |
| - name: Run ZAP Scan | |
| uses: zaproxy/[email protected] | |
| id: zap | |
| with: | |
| allow_issue_writing: false | |
| target: "${{ env.ZAP_TARGET }}" | |
| artifact_name: "zap-full-scan" | |
| - name: ZAP Scan | |
| uses: zaproxy/[email protected] | |
| with: | |
| allow_issue_writing: false | |
| target: "${{ env.ZAP_TARGET }}" | |
| - name: Show results | |
| run: | | |
| ls | |
| - uses: githubabcs-devops/zap-to-ghas@main | |
| - name: Upload SARIF file | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results.sarif |