forked from Shiloh/remnantchat
5317d6fa68
* fix(zap_scan): check out ref associated with run * fix(zap_scan): use actions/github-script for labeling issues
35 lines
1006 B
YAML
35 lines
1006 B
YAML
name: Perform Weekly Security Audit with ZAProxy
|
|
# Use ZAP Proxy to perform a full scan of the production site.
|
|
# Scan automatically opens an issue after completion
|
|
# with results of the audit.
|
|
|
|
on:
|
|
schedule:
|
|
# 00:00 UTC Midnight on Mondays
|
|
- cron: '0 0 * * 1'
|
|
|
|
# manually trigger workflow
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
zap_scan:
|
|
runs-on: ubuntu-latest
|
|
name: Scan Production Site
|
|
steps:
|
|
- name: Set Date (NOW) as Variable
|
|
id: set-now
|
|
run: |
|
|
echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Checkout Repo for .zap/rules.tsv
|
|
uses: actions/checkout@v4
|
|
|
|
- name: ZAP Full Scan
|
|
# https://github.com/zaproxy/action-full-scan
|
|
uses: zaproxy/action-full-scan@v0.7.0
|
|
with:
|
|
target: 'https://chitchatter.im/'
|
|
rules_file_name: '.zap/rules.tsv'
|
|
issue_title: 'Security Report - ${{ steps.set-now.outputs.NOW }}'
|
|
artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
|