
update

update #92


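# Nightly OWASP ZAP scan workflow. Triggers on pushes to `zap-integration`
# and on a daily cron; note that the job below currently gates itself on
# `github.event_name == 'push'`, so the cron trigger alone starts no job.
name: OWASP Zap Scan and Report
on:
  push:
    branches: [zap-integration]
  schedule:
    - cron: '0 4 * * *'  # every day at 04:00 UTC (GitHub evaluates cron in UTC)

# Listing any scope under `permissions` sets every unlisted scope to `none`.
# `contents: read` is therefore declared explicitly so actions/checkout can
# read the repository (on a private repo it would otherwise fail).
# `id-token: write` is presumably consumed by an AWS OIDC credential step
# using AWS_OIDC_ROLE_TO_ASSUME; none is visible in this workflow yet.
permissions:
  id-token: write
  contents: read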
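jobs:
  Zap_nightly_run:
    name: Zap Nightly Run (for nightly cron with JIRA)
    runs-on: ubuntu-latest
    # NOTE(review): this condition excludes the `schedule` trigger, so the
    # nightly cron never runs this job. Presumably intentional while the ZAP
    # and Jira steps below are commented out — confirm before re-enabling them.
    if: github.event_name == 'push'
    steps:
      # One checkout is sufficient; the file previously checked out twice
      # (actions/checkout@v2 followed by @v3 for the same ref). Consider
      # pinning third-party actions to a full commit SHA rather than a tag.
      - name: Checkout
        uses: actions/checkout@v3

      # Derive `branch_name` from GITHUB_REF. Dependabot builds very long
      # branch names, so those are replaced by a short hash prefixed with "x"
      # (keeps the name from starting with a digit).
      - name: set branch_name
        run: |
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then
            short="$(echo "${GITHUB_REF#refs/heads/}" | md5sum | head -c 10 | sed 's/^/x/')"
            echo "branch_name=${short}" >> "$GITHUB_ENV"
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi

      # NOTE(review): STAGE_PREFIX is only declared as a step-level `env` on
      # "set variable values" further down, so unless it is exported elsewhere
      # it expands to an empty string here — TODO confirm.
      - name: Validate branch name
        run: ./.github/branch-name-validation.sh "$STAGE_PREFIX$branch_name"

      - name: set branch specific variable names
        run: ./.github/build-vars.sh set_names

      - name: set variable values
        run: ./.github/build-vars.sh set_values
        env:
          # Branch-specific secrets are looked up by the name held in
          # BRANCH_SPECIFIC_VARNAME_* (presumably written to GITHUB_ENV by the
          # previous step), falling back to the repository-wide secret.
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}

      # - name: install requests
      #   run: pip install requests
      # - name: OWASP ZAP Baseline Scan
      #   continue-on-error: true
      #   uses: zaproxy/action-full-scan@v0.5.1
      #   with:
      #     target: "https://dhlhkf03xxt44.cloudfront.net"
      #     cmd_options: -U "internaluser@test.com" -n /zap/wrk/eval-context.json

      # Sanity check that the role variable was populated, without writing its
      # value to the job log. The previous version echoed it through
      # `${{ env.AWS_OIDC_ROLE_TO_ASSUME }}`, which interpolates the value
      # unquoted into the shell line and prints the role ARN in plaintext.
      # Reading the shell variable sees the same GITHUB_ENV-exported value.
      # This step deliberately does not fail the job (it replaces a debug echo);
      # add `exit 1` in the else-branch if it should gate later steps.
      - name: Check AWS OIDC role variable is set
        run: |
          if [[ -n "$AWS_OIDC_ROLE_TO_ASSUME" ]]; then
            echo "AWS_OIDC_ROLE_TO_ASSUME is set"
          else
            echo "AWS_OIDC_ROLE_TO_ASSUME is empty" >&2
          fi

      # - name: Parse Zap output and create Jira tickets
      #   uses: Enterprise-CMCS/macfc-security-scan-report@v1.0.3
      #   with:
      #     jira-username: ${{ secrets.JIRA_SERVICE_USERNAME }}
      #     jira-token: ${{ secrets.JIRA_SERVICE_USER_TOKEN }}
      #     jira-host: 'qmacbis.atlassian.net'
      #     jira-project-key: 'MDCT'
      #     jira-issue-type: 'Task'
      #     jira-custom-field-key-value: '{ "customfield_10007" : "MDCT-2280", "customfield_14154" : [{"id": "16958", "value": "MCR"}] }'
      #     jira-labels: 'MCR,zap'
      #     jira-title-prefix: '[MCR] - Zap :'
      #     zap-risk-code: '2'
      #     scan-output-path: 'report_json.json'
      #     scan-type: 'zap'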