remnantchat/.github/workflows/security.yml

36 lines
1.0 KiB
YAML

name: Perform Weekly Security Audit with ZAProxy
# Use ZAP Proxy to perform a full scan of the production site.
# Scan automatically opens an issue after completion
# with results of the audit.
on:
schedule:
# 00:00 UTC Midnight on Mondays
- cron: '0 0 * * 1'
# manually trigger workflow
workflow_dispatch:
jobs:
zap_scan: # https://github.com/zaproxy/action-full-scan
runs-on: ubuntu-latest
name: Scan Production Site
steps:
- name: Set Date (NOW) as Variable
id: set-now
run: |
echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
- name: Checkout Main Branch for .zap/rules.tsv
uses: actions/checkout@v4
with:
ref: 'main'
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.7.0
with:
target: 'https://chitchatter.im/'
rules_file_name: '.zap/rules.tsv'
issue_title: 'Security Report - ${{ steps.set-now.outputs.NOW }}'
artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'