---
# Manually triggered OWASP ZAP full scan. The caller supplies the URL to scan;
# it defaults to the project's GitHub Pages site.
name: ZAP Security Scan

# `on` is a YAML 1.1 boolean for generic parsers; GitHub's loader reads it as
# the trigger map, so it is left as-is.
on:
  workflow_dispatch:
    inputs:
      url:
        description: 'URL to scan (default is the GitHub Pages site)'
        required: true
        default: 'https://hack23.github.io/game/'

# Least-privilege token: read-only contents plus issue writing, which the scan
# step needs only when it files findings as GitHub issues.
permissions:
  contents: read
  issues: write

jobs:
  zap_scan:
    name: ZAP Security Scan
    runs-on: ubuntu-latest
    steps:
      # Runner hardening. `audit` records outbound connections without blocking
      # them; a `block` policy would need the scan target listed under
      # `allowed-endpoints`, which does not fit a caller-chosen URL.
      - name: Harden Runner
        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40 # v2.19.0
        with:
          egress-policy: audit

      # Full (active) ZAP scan of the dispatched URL. Whoever may dispatch this
      # workflow chooses the target, so repository dispatch rights are what
      # gate where the scanner is pointed.
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@3c58388149901b9a03b7718852c5ba889646c27c # v0.13.0
        with:
          token: '${{ github.token }}'
          # NOTE(review): both actions above are SHA-pinned, but this image uses
          # the mutable `stable` tag; pinning by digest
          # (ghcr.io/zaproxy/zaproxy@sha256:<IMAGE_DIGEST>) would make scans
          # reproducible.
          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
          target: '${{ github.event.inputs.url }}'
          # Optional ZAP settings, currently disabled:
          # rules_file_name: '.zap/rules.tsv'
          # cmd_options: '-a'