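# Runs the ZAP Automation Framework against the web application on every push
# to main and on every pull request targeting main. The scan itself is
# described by the plan file at .github/workflows/zap/plan.yml.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the job's GITHUB_TOKEN: the job only needs to read the
# repository (for the checkout below). Add further scopes per job, not here,
# if a later step genuinely needs them.
permissions:
  contents: read

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the webapplication
    steps:
      # The `plan` input below is a path relative to the workspace, which is
      # empty until something checks the repository out.
      - name: Checkout
        uses: actions/checkout@v4

      - name: ZAP Automation Framework
        # `@main` floats with the action's default branch, so the code that
        # runs here can change without any change in this repository. Pin to
        # a full-length commit SHA of a reviewed release (`@<commit-sha>`) and
        # let a dependency bot raise the bumps.
        uses: zaproxy/action-af@main
        with:
          plan: '.github/workflows/zap/plan.yml'
      # NOTE(review): the plan writes sarif.json into /zap/wrk/; nothing here
      # publishes that report, so it only exists for the lifetime of the
      # runner unless a later step uploads it — confirm that is intended.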
---
# ZAP Automation Framework plan: a passive-only scan (spider, AJAX spider,
# passive rules, SARIF report) of an application reachable on 127.0.0.1:8082.
env:
  contexts:
    # Scan scope. Assumes the application under test is listening on
    # 127.0.0.1:8082 as seen from inside the ZAP container — nothing in this
    # plan starts it, so the workflow or a service container must (confirm).
    - name: 'Default Context'
      urls:
        - 'http://127.0.0.1:8082'
      # Regex: `.*` keeps every path under that origin in scope.
      includePaths:
        - 'http://127.0.0.1:8082.*'
      excludePaths: []
      # No authentication method is configured, so the scan runs
      # unauthenticated; only the generated verification defaults remain.
      authentication:
        parameters: {}
        verification:
          method: 'response'
          pollFrequency: 60
          pollUnits: 'requests'
      sessionManagement:
        method: 'cookie'
        parameters: {}
      technology:
        exclude: []
  parameters:
    failOnError: true        # a job error aborts the plan
    failOnWarning: false     # warnings are reported but do not abort
    progressToStdout: true
  vars: {}

# Jobs run in the order listed.
jobs:
  - name: 'passiveScan-config'
    type: 'passiveScan-config'
    parameters:
      scanOnlyInScope: true  # presumably limits passive rules to in-context traffic
      enableTags: false
      disableAllRules: false
      rules: []

  - name: 'spider'
    type: 'spider'
    parameters: {}
    tests:
      # onFail INFO: a thin crawl is only logged, never a failure.
      - name: 'At least 100 URLs found'
        type: 'stats'
        statistic: 'automation.spider.urls.added'
        site: ''
        operator: '>='
        value: 100
        onFail: 'INFO'

  - name: 'spiderAjax'
    type: 'spiderAjax'
    parameters:
      maxDuration: 60        # ZAP documents this as minutes — confirm
      maxCrawlDepth: 10
      numberOfBrowsers: 20
      inScopeOnly: true
    tests:
      - name: 'At least 100 URLs found'
        type: 'stats'
        statistic: 'spiderAjax.urls.added'
        site: ''
        operator: '>='
        value: 100
        onFail: 'INFO'

  # Blocks until the passive scanner has processed everything the spiders
  # fetched, so the report below is complete.
  - name: 'passiveScan-wait'
    type: 'passiveScan-wait'
    parameters: {}

  # /zap/wrk/ is the container path the report is written to; presumably the
  # mounted workspace, so sarif.json ends up in the checkout — verify.
  - name: 'sarif-report'
    type: 'report'
    parameters:
      template: 'sarif-json'
      reportTitle: 'ZAP Scanning Report'
      reportDescription: ''
      reportDir: '/zap/wrk/'
      reportFile: 'sarif.json'