Skip to content

Add ZAP baseline scan to CI #14

Add ZAP baseline scan to CI

Add ZAP baseline scan to CI #14

Workflow file for this run

name: DAST Scan
on:
pull_request:
push:
branches:
- qa/**
- stable/**
- dev/owasp-zap-ci
jobs:
dynamic-analysis:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
name: ZAP Baseline Test
env:
COMPOSE_FILE: ${{ github.workspace }}/docker/docker-compose.dev.yml
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Create Docker Network
run: |
docker network create zap_network
- name: Build and Run AtoM Docker Containers
run: |
docker compose up -d
docker network connect zap_network $(docker compose ps -q atom)
- name: Run Setup Commands in AtoM Container
run: |
docker exec $(docker compose ps -q atom) /bin/sh -c "sudo npm install -g 'less@<4.0.0' && make -C plugins/arDominionPlugin && make -C plugins/arArchivesCanadaPlugin && npm run build"
# - name: OWASP ZAP baseline scan
# uses: zaproxy/[email protected]
# with:
# target: 'http://localhost:63001'
# target: 'https://blossom.analyst.accesstomemory.net'
# docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
# allow_issue_writing: false
# cmd_options: '-a -r zap_report.html -l WARN'
# - name: Run OWASP ZAP Baseline Scan
# uses: ghcr.io/zaproxy/zaproxy:stable
# with:
# args: "zap-baseline.py -t http://localhost:63001 -r zap_report.html -l WARN -T 1"
# - name: Upload ZAP Report
# uses: actions/upload-artifact@v4
# with:
# name: zap_report
# path: zap_report.html
- name: Clean Up Docker Containers
run: |
docker compose down
docker network rm zap_network