2023-11-11 17:01:47 +00:00
|
|
|
name: Perform Security Audit with ZAProxy
|
2023-10-31 11:57:15 +00:00
|
|
|
# Use ZAP Proxy to perform a full scan of the production site.
|
|
|
|
|
|
|
|
on:
|
|
|
|
# manually trigger workflow
|
|
|
|
workflow_dispatch:
|
|
|
|
|
2023-11-11 16:40:36 +00:00
|
|
|
# Listen for Production deployments
|
|
|
|
workflow_run:
|
|
|
|
workflows: [pages-build-deployment]
|
|
|
|
types:
|
|
|
|
- completed
|
|
|
|
|
2023-10-31 11:57:15 +00:00
|
|
|
jobs:
|
2023-11-10 16:37:10 +00:00
|
|
|
zap_scan:
|
2023-10-31 11:57:15 +00:00
|
|
|
runs-on: ubuntu-latest
|
|
|
|
name: Scan Production Site
|
|
|
|
steps:
|
2023-10-31 14:16:14 +00:00
|
|
|
- name: Set Date (NOW) as Variable
|
|
|
|
id: set-now
|
2023-10-31 11:57:15 +00:00
|
|
|
run: |
|
2023-10-31 14:16:14 +00:00
|
|
|
echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
|
2023-10-31 11:57:15 +00:00
|
|
|
|
2023-11-10 16:37:10 +00:00
|
|
|
- name: Checkout Repo for .zap/rules.tsv
|
2023-10-31 11:57:15 +00:00
|
|
|
uses: actions/checkout@v4
|
|
|
|
|
2023-11-10 16:37:10 +00:00
|
|
|
- name: ZAP Full Scan
|
|
|
|
# https://github.com/zaproxy/action-full-scan
|
2023-10-31 11:57:15 +00:00
|
|
|
uses: zaproxy/action-full-scan@v0.7.0
|
|
|
|
with:
|
|
|
|
target: 'https://chitchatter.im/'
|
|
|
|
rules_file_name: '.zap/rules.tsv'
|
2023-10-31 14:16:14 +00:00
|
|
|
artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
|
2023-11-11 17:01:47 +00:00
|
|
|
allow_issue_writing: false
|