46 lines
1.4 KiB
YAML
46 lines
1.4 KiB
YAML
name: Perform Weekly Security Audit with ZAProxy
|
|
# Use ZAP Proxy to perform a full scan of the production site.
|
|
# Scan automatically opens an issue after completion
|
|
# with results of the audit.
|
|
|
|
on:
|
|
schedule:
|
|
# 00:00 UTC Midnight on Mondays
|
|
- cron: '0 0 * * 1'
|
|
|
|
# manually trigger workflow
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
zap_scan:
|
|
runs-on: ubuntu-latest
|
|
name: Scan Production Site
|
|
steps:
|
|
- name: Set Date (NOW) as Variable
|
|
id: set-now
|
|
run: |
|
|
echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Checkout Repo for .zap/rules.tsv
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: main
|
|
|
|
- name: ZAP Full Scan
|
|
# https://github.com/zaproxy/action-full-scan
|
|
uses: zaproxy/action-full-scan@v0.7.0
|
|
with:
|
|
target: 'https://chitchatter.im/'
|
|
rules_file_name: '.zap/rules.tsv'
|
|
issue_title: 'Security Report - ${{ steps.set-now.outputs.NOW }}'
|
|
artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
|
|
|
|
- name: Add Security Label to Security Report - ${{ steps.set-now.outputs.NOW }}
|
|
# https://github.com/actions-ecosystem/action-add-labels
|
|
uses: actions-ecosystem/action-add-labels@v1
|
|
if: ${{ startsWith('Security Report - ${{ steps.set-now.outputs.NOW }}', '/add-labels')}}
|
|
with:
|
|
labels: |
|
|
security
|
|
reports
|