chore: add server to zap scan

bcgov · Sep 19, 2023 · 55b35c2 · 55b35c2
1 parent e316124
commit 55b35c2
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -156,13 +156,24 @@ jobs:
         uses: ./.github/actions/dev-env-setup
       - name: run app locally
         uses: ./.github/actions/local-app-run
-      - name: ZAP Base Scan
+      - name: ZAP Frontend Scan
         uses: zaproxy/[email protected]
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           docker_name: "owasp/zap2docker-stable"
           target: "http://localhost:3000/"
-          rules_file_name: ".zap/rules.tsv"
+          rules_file_name: ".zap/rules-frontend.tsv"
           cmd_options: "-a -d -T 5 -m 2"
-          issue_title: OWASP Baseline
+          issue_title: OWASP Baseline - Frontend
+          fail_action: false
+
+      - name: ZAP Backend Scan
+        uses: zaproxy/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: "owasp/zap2docker-stable"
+          target: "http://0.0.0.0:8000/"
+          rules_file_name: ".zap/rules-backend.tsv"
+          cmd_options: "-a -d -T 5 -m 2"
+          issue_title: OWASP Baseline - Backend
           fail_action: false