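# Reusable (workflow_call) workflow: starts the application locally, runs the
# ZAP baseline scan against the frontend and the backend, and dispatches a
# bounded retry when the scan job did not succeed.
name: ZAP OWASP Scan Code

on:
  workflow_call:

env:
  PGUSER: postgres
  # Must be supplied by the calling workflow (an explicit `secrets:` mapping
  # or `secrets: inherit`); an unset secret expands to an empty string here.
  DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}

jobs:
  zap-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: dev env setup
        uses: ./.github/actions/dev-env-setup

      - name: run app locally
        uses: ./.github/actions/run-registration1-app
        with:
          django_secret_key: ${{ env.DJANGO_SECRET_KEY }}

      # Both scans are deliberately non-blocking: fail_action is false and no
      # issue is written, so findings only surface in the scan output. Tighten
      # this (fail_action: true, or a stricter rules file) once the baseline
      # is clean, otherwise regressions go unnoticed.
      - name: ZAP Frontend Scan
        uses: zaproxy/action-baseline@v0.12.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # ":stable" is a floating tag; pin a digest if scan results must be
          # reproducible between runs.
          docker_name: "ghcr.io/zaproxy/zaproxy:stable"
          target: "http://localhost:3000/"
          rules_file_name: ".zap/rules-frontend.tsv"
          # -a: include alpha passive-scan rules, -d: debug output,
          # -T 5: whole-scan time cap in minutes, -m 2: spider time cap in minutes.
          cmd_options: "-a -d -T 5 -m 2"
          issue_title: OWASP Baseline - Frontend
          fail_action: false
          allow_issue_writing: false

      - name: ZAP Backend Scan
        uses: zaproxy/action-baseline@v0.12.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          docker_name: "ghcr.io/zaproxy/zaproxy:stable"
          target: "http://0.0.0.0:8000/"
          rules_file_name: ".zap/rules-backend.tsv"
          # Same flags as the frontend scan; keep the two in step.
          cmd_options: "-a -d -T 5 -m 2"
          issue_title: OWASP Baseline - Backend
          fail_action: false
          allow_issue_writing: false

  # Retry the workflow due to secondary rate limiting errors causing frequent
  # failures. The retry is capped at three run attempts.
  retry-on-failure:
    needs: zap-scan
    # No leading `failure() ||`: `&&` binds tighter than `||`, so
    # `failure() || x && y && z` would let any failure bypass the run_attempt
    # cap and re-dispatch without bound. `needs.zap-scan.result != 'success'`
    # already covers the failure case, and `!cancelled()` keeps this job
    # eligible to run after the needed job failed.
    if: needs.zap-scan.result != 'success' && fromJSON(github.run_attempt) < 3 && !cancelled()
    runs-on: ubuntu-latest
    steps:
      - name: dispatch retry
        env:
          GH_REPO: ${{ github.repository }}
          GH_TOKEN: ${{ github.token }}
          # Verbose gh API tracing in the job log; drop once the rate-limit
          # failures are understood.
          GH_DEBUG: api
        run: gh workflow run retry-workflow.yaml -F run_id=${{ github.run_id }}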