forked from Shiloh/remnantchat
35 lines
975 B
YAML
35 lines
975 B
YAML
|
name: Perform Weekly Security Audit with ZAProxy
|
||
|
|
# Use ZAP Proxy to perform a full scan of the production site.
|
||
|
|
# Scan automatically opens an issue after completion
|
||
|
|
# with results of the audit.
|
||
|
|
|
||
|
|
on:
|
||
|
|
schedule:
|
||
|
|
# 00:00 UTC Midnight on Mondays
|
||
|
|
- cron: '0 0 * * 1'
|
||
|
|
|
||
|
|
# manually trigger workflow
|
||
|
|
workflow_dispatch:
|
||
|
|
|
||
|
|
jobs:
|
||
|
|
zap_scan: # https://github.com/zaproxy/action-full-scan
|
||
|
|
runs-on: ubuntu-latest
|
||
|
|
name: Scan Production Site
|
||
|
|
steps:
|
||
|
|
- name: Set Date (NOW) as Env Var
|
||
|
|
run: |
|
||
|
|
echo "::set-env name=NOW::$(date +'%Y-%m-%d')"
|
||
|
|
|
||
|
|
- name: Checkout Main Branch for .zap/rules.tsv
|
||
|
|
uses: actions/checkout@v4
|
||
|
|
with:
|
||
|
|
ref: 'main'
|
||
|
|
|
||
|
|
- name: ZAP Scan
|
||
|
|
uses: zaproxy/action-full-scan@v0.7.0
|
||
|
|
with:
|
||
|
|
target: 'https://chitchatter.im/'
|
||
|
|
rules_file_name: '.zap/rules.tsv'
|
||
|
|
issue_title: 'Security Report - ${{ env.NOW }}'
|
||
|
|
artifact_name: 'zap_scan_${{ env.NOW }}'
|