OWASP ZAP Actions #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: OWASP ZAP Actions | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| spider-min: | |
| default: 0 | |
| type: string | |
| env: | |
| cache-version: v2 | |
| jobs: | |
| website-scan: | |
| runs-on: ubuntu-latest | |
| name: DAST (Dynamic Application Security Testing) | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v3 | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.17.0 | |
| registry-url: https://npm.pkg.github.com/ | |
| scope: '@tubone24' | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "dir=$(yarn cache dir)" >> "${GITHUB_OUTPUT}" | |
| - name: Cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.cache | |
| ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| node_modules | |
| key: ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-${{ env.cache-version }}-${{ hashFiles('**/yarn.lock') }} | |
| ${{ runner.os }}-build-${{ env.cache-version }}- | |
| - name: yarn install | |
| env: | |
| GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
| GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
| GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
| GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
| GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
| GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
| GATSBY_GITHUB_SHA: ${{ github.sha }} | |
| FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
| NETLIFY_ENV: deploy-preview | |
| NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| run: yarn install --frozen-lockfile | |
| - name: yarn build | |
| env: | |
| GATSBY_GITHUB_CLIENT_SECRET: ${{secrets.GATSBY_GITHUB_CLIENT_SECRET}} | |
| GATSBY_GITHUB_CLIENT_ID: ${{secrets.GATSBY_GITHUB_CLIENT_ID}} | |
| GATSBY_ALGOLIA_SEARCH_API_KEY: ${{secrets.GATSBY_ALGOLIA_SEARCH_API_KEY}} | |
| GATSBY_ALGOLIA_INDEX_NAME: ${{secrets.GATSBY_ALGOLIA_INDEX_NAME}} | |
| GATSBY_ALGOLIA_APP_ID: ${{secrets.GATSBY_ALGOLIA_APP_ID}} | |
| GATSBY_ALGOLIA_ADMIN_API_KEY: ${{secrets.GATSBY_ALGOLIA_ADMIN_API_KEY}} | |
| GATSBY_GITHUB_SHA: ${{ github.sha }} | |
| FAUNADB_SERVER_SECRET: ${{secrets.FAUNADB_SERVER_SECRET}} | |
| NETLIFY_ENV: deploy-preview | |
| run: yarn build | |
| - name: Action Full Scan | |
| run: | | |
| chmod 777 -R owasp/zap | |
| docker-compose -f owasp/docker-compose-ci.yml up -d | |
| docker-compose -f owasp/docker-compose-ci.yml exec -T owasp zap-full-scan.py -t http://web:9000 -r report.html -a -d -m ${{ inputs.spider-min }} -j -I -z "-config alert.maxInstances=0 -config view.locale=ja_JP -config scanner.hostPerScan=5 -config scanner.threadPerHost=5 -configfile /zap/wrk/alertFilter.conf" | |
| - name: Deploy Report | |
| uses: peaceiris/actions-gh-pages@v3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: ./owasp/zap/ | |
| destination_dir: owasp | |
| keep_files: true | |
| exclude_assets: '*.cer,*.key' | |
| - name: push report | |
| if: always() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: owasp-report | |
| path: owasp/zap/report.html |