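# Runs an OWASP ZAP baseline scan against the deployed site, then passes the
# JSON report to a reporting action that files Jira tickets.
name: OWASP Zap Scan and Report
on:
  push:
    branches: [zap-integration]
  pull_request:
    branches: [main]
# NOTE(review): the only job below declares its own `permissions` block, which
# replaces this workflow-level one for that job, so `id-token: write` is not
# granted to any step here. Remove it unless a job that needs an OIDC token
# is added.
permissions:
  id-token: write
jobs:
  zap_scan:
    # NOTE(review): no step in this job visibly writes to the repository;
    # confirm whether `contents: read` is sufficient before keeping write.
    permissions:
      contents: write
    runs-on: ubuntu-latest
    name: Run Zap Scan for PR and Push
    # Both sides of `||` must compare the event name: a bare 'push' literal
    # is a non-empty string, so the guard would be true for every event.
    if: github.event_name == 'pull_request' || github.event_name == 'push'
    steps:
      # NOTE(review): every `uses:` in this job references a mutable tag.
      # Pin each action to a full commit SHA (keep the tag in a trailing
      # comment) so a retagged release cannot change what runs next to the
      # Jira credentials.
      - name: Checkout
        uses: actions/checkout@v2
      - name: Set up Node.js
        uses: actions/setup-node@v2
        with:
          # Quoted so the version is always read as a string.
          node-version: '16'
      - name: OWASP ZAP Baseline Scan
        # A failed scan step does not fail the job. Findings are therefore
        # only surfaced through the Jira step, which then depends on the
        # report file having been written.
        continue-on-error: true
        uses: zaproxy/action-baseline@v0.3.0
        with:
          target: "https://d37uopclgv3e6p.cloudfront.net/"
      - name: Install Jira library for Node.js
        # NOTE(review): installs whatever jira-client version is current at
        # run time; pin an exact version (or commit a lockfile) so the code
        # running in this job is reproducible.
        run: npm install jira-client --legacy-peer-deps
      - name: Parse Zap output and create Jira tickets
        uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.0
        # NOTE(review): these values are passed as environment variables,
        # not as `with:` inputs; confirm which of the two this action
        # version reads. Repository secrets are not provided to
        # pull_request runs from forks, so this step cannot authenticate
        # to Jira on such runs.
        env:
          jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }}
          jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
          jira-host: qmacbis.atlassian.net
          jira-project-key: MDCT
          jira-issue-type: Task
          jira-custom-fields: '{"customfield_10007": "MDCT-2280"}'
          jira-labels: MCR,zap
          jira-title-prefix: '[MCR] - Zap :'
          zap-risk-code: '2'
          zap-scan-output-path: 'report_json.json'
        # Commented-out alternative configuration left in place by the author.
        # env:
        #   SCAN_OUTPUT_FILE_PATH: 'report_json.json'
        #   ZAP_RISK_CODE: '2'
        #   JIRA_PROJECT_KEY: MDCT
        #   JIRA_ISSUE_TYPE: Task
        #   JIRA_LABELS: MCR,zap
        #   JIRA_EPIC_KEY: MDCT-2280
        #   JIRA_TITLE_PREFIX: '[MCR] - Zap :'
        #   JIRA_BASE_URL: qmacbis.atlassian.net
        #   JIRA_API_TOKEN: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
        #   JIRA_USER_EMAIL: ${{ secrets.JIRA_SERVICE_USERNAME }}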