@larstobi
Last active April 24, 2024 13:21
# GitHub Actions workflow: run the ZAP Automation Framework on every push and
# pull request to main, driven by the plan file referenced under `with:`.
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the web application
    steps:
      - name: ZAP Automation Framework
        uses: zaproxy/action-af@main
        with:
          plan: '.github/workflows/zap/plan.yml'
---
# ZAP Automation Framework plan: one context scoped to the local target,
# then passive-scan config, traditional + AJAX spidering, a wait for the
# passive scanner to drain, and a SARIF report.
env:
  contexts:
  - name: "Default Context"
    urls:
    - "http://127.0.0.1:8082"
    # includePaths entries are regexes; the trailing ".*" keeps every path under the host in scope.
    includePaths:
    - "http://127.0.0.1:8082.*"
    excludePaths: []
    authentication:
      parameters: {}
      verification:
        method: "response"
        pollFrequency: 60
        pollUnits: "requests"
    sessionManagement:
      method: "cookie"
      parameters: {}
    technology:
      exclude: []
  parameters:
    failOnError: true       # abort the plan on the first job error
    failOnWarning: false
    progressToStdout: true
  vars: {}
jobs:
- parameters:
    scanOnlyInScope: true   # passively scan only messages that match the context
    enableTags: false
    disableAllRules: false
  rules: []
  name: "passiveScan-config"
  type: "passiveScan-config"
- parameters: {}
  name: "spider"
  type: "spider"
  tests:
  - onFail: "INFO"          # only log (do not fail) if the crawl found fewer URLs than expected
    statistic: "automation.spider.urls.added"
    site: ""
    operator: ">="
    value: 100
    name: "At least 100 URLs found"
    type: "stats"
- parameters:
    maxDuration: 60         # minutes
    maxCrawlDepth: 10
    numberOfBrowsers: 20
    inScopeOnly: true
  name: "spiderAjax"
  type: "spiderAjax"
  tests:
  - onFail: "INFO"
    statistic: "spiderAjax.urls.added"
    site: ""
    operator: ">="
    value: 100
    name: "At least 100 URLs found"
    type: "stats"
- parameters: {}
  name: "passiveScan-wait"
  type: "passiveScan-wait"
- parameters:
    template: "sarif-json"
    reportTitle: "ZAP Scanning Report"
    reportDescription: ""
    reportDir: "/zap/wrk/"  # working directory the ZAP container mounts from the runner
    reportFile: "sarif.json"
  name: "sarif-report"
  type: "report"