Add ZAP baseline scan to CI

Dynamically scan AtoM for OWASP top ten issues. Limit reporting to WARN
and above.

.github/workflows/zap-baseline.yml

@@ -0,0 +1,60 @@
+name: DAST Scan
+
+on:
+  pull_request:
+  push:
+    branches:
+    - qa/**
+    - stable/**
+    - dev/owasp-zap-ci
+
+jobs:
+  dynamic-analysis:
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+    name: ZAP Baseline Test
+    env:
+      COMPOSE_FILE: ${{ github.workspace }}/docker/docker-compose.dev.yml
+    steps:
+    - name: Check out code
+      uses: actions/checkout@v4
+
+    - name: Create Docker Network
+      run: |
+        docker network create zap_network
+
+    - name: Build and Run AtoM Docker Containers
+      run: |
+        docker compose up -d
+        docker network connect zap_network $(docker compose ps -q atom)
+
+    - name: Run Setup Commands in AtoM Container
+      run: |
+        docker exec -it $(docker compose ps -q atom) /bin/sh -c "sudo npm install -g 'less@<4.0.0' && make -C plugins/arDominionPlugin && make -C plugins/arArchivesCanadaPlugin && npm run build"
+
+    # - name: OWASP ZAP baseline scan
+    #   uses: zaproxy/[email protected]
+    #   with:
+    #     target: 'http://localhost:63001'
+    #     target: 'https://blossom.analyst.accesstomemory.net'
+    #     docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+    #     allow_issue_writing: false
+    #     cmd_options: '-a -r zap_report.html -l WARN'
+
+    # - name: Run OWASP ZAP Baseline Scan
+    #   uses: ghcr.io/zaproxy/zaproxy:stable
+    #   with:
+    #     args: "zap-baseline.py -t http://localhost:63001 -r zap_report.html -l WARN -T 1"
+
+    # - name: Upload ZAP Report
+    #   uses: actions/upload-artifact@v4
+    #   with:
+    #     name: zap_report
+    #     path: zap_report.html
+
+
+    - name: Clean Up Docker Containers
+      run: |
+        docker compose down
+        docker network rm zap_network