Skip to content

[MDS-4940] Adding zapscan for minespace, coreweb, and coreapi#3626

Merged
asinn134 merged 17 commits intodevelopfrom
mds-4940-minespace-and-core-zapscan
Aug 21, 2025
Merged

[MDS-4940] Adding zapscan for minespace, coreweb, and coreapi#3626
asinn134 merged 17 commits intodevelopfrom
mds-4940-minespace-and-core-zapscan

Conversation

@asinn134
Copy link
Collaborator

@asinn134 asinn134 commented Aug 7, 2025
edited
Loading

Objective

MDS-4940

  • Adding front end zapscan for minespace, and coreweb

asinn134 added 17 commits August 7, 2025 12:07
@asinn134
adding zapscan for minespace, coreweb, and coreapi
f580313
@asinn134
change to make report name unique among scans
f0d02d1
@asinn134
attempt to fix coreweb and minespace zap scan failing
00acb60
@asinn134
attempt to fix scans again
ce46087
@asinn134
trying setting artifact name to fix error
94a5820
@asinn134
artifact name change
50d50ca
@asinn134
artifact name change again
731f407
@asinn134
artifact setting change
83e472d
@asinn134
artifact value changeg
00bbe95
@asinn134
base scan version change
84eb110
@asinn134
artifact setting change
37b9e16
@asinn134
testing against artifact name issue
cd095d3
@asinn134
testing to see if to front end base scans can work when ran together
0e61858
@asinn134
clean up for front end zap scans, and adjustment to attempt to fix ba…
5c7ecb9 
…ckend scan
@asinn134
adding fail_action attribute to core api scan
6ea46f8
@asinn134
commenting out core api zap scan for now
946071a
@asinn134
removing core api zap scan file
85540c9
@asinn134 asinn134 added the 👍 Ready for review Pull request has been double checked by the author and is ready for comments and feedback. label Aug 15, 2025
@simensma-fresh simensma-fresh requested a review from Copilot August 19, 2025 20:12
Copilot AI reviewed Aug 19, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds ZAP (OWASP Zed Attack Proxy) security scanning workflows for frontend applications including MineSpace and Core Web. The implementation sets up automated daily security scans that can also be triggered manually.

Key changes:

  • Added scheduled ZAP baseline scans for two frontend applications
  • Configured workflows to run daily at 08:00 UTC and support manual triggers
  • Set up artifact upload for scan reports

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/zap-scan-minespace.yaml Adds ZAP security scanning workflow for MineSpace frontend application
.github/workflows/zap-scan-core-web.yaml Adds ZAP security scanning workflow for Core Web frontend application

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

.github/workflows/zap-scan-minespace.yaml

on:
schedule:
- cron: "0 8 * * *" # Runs at 08:00 UTC (Midnight PST)
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment incorrectly states "Midnight PST". 08:00 UTC is actually 1:00 AM PST (or 12:00 AM PDT during daylight saving time), not midnight.

Suggested change
- cron: "0 8 * * *" # Runs at 08:00 UTC (Midnight PST)
- cron: "0 8 * * *" # Runs at 08:00 UTC (1:00 AM PST, or 12:00 AM PDT during daylight saving time)

Copilot uses AI. Check for mistakes.
.github/workflows/zap-scan-core-web.yaml

on:
schedule:
- cron: "0 8 * * *" # Runs at 08:00 UTC (Midnight PST)
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment incorrectly states "Midnight PST". 08:00 UTC is actually 1:00 AM PST (or 12:00 AM PDT during daylight saving time), not midnight.

Suggested change
- cron: "0 8 * * *" # Runs at 08:00 UTC (Midnight PST)
- cron: "0 8 * * *" # Runs at 08:00 UTC (1:00 AM PST, or 12:00 AM PDT during daylight saving time)

Copilot uses AI. Check for mistakes.
@asinn134 asinn134 merged commit fc94b8d into develop Aug 21, 2025
9 checks passed
@asinn134 asinn134 deleted the mds-4940-minespace-and-core-zapscan branch August 21, 2025 22:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@simensma-fresh simensma-fresh simensma-fresh approved these changes

@matbusby-fw matbusby-fw Awaiting requested review from matbusby-fw

@sggerard sggerard Awaiting requested review from sggerard

+1 more reviewer

@taraepp taraepp taraepp approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

👍 Ready for review Pull request has been double checked by the author and is ready for comments and feedback.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@asinn134 @simensma-fresh @taraepp