Skip to content
.github/workflows/owasp-zap-scan.yaml

chore: add sonar cloud quality gate status #156

Sign in to view logs

chore: add sonar cloud quality gate status

chore: add sonar cloud quality gate status #156

Workflow file for this run

.github/workflows/owasp-zap-scan.yaml at 9aaf7e0
# name: owasp-scan
# on:
# workflow_call:
# inputs:
# ZAP_SCAN_TYPE:
# required: true
# type: string
# ZAP_TARGET_URL:
# required: true
# type: string
# ZAP_DURATION:
# required: true
# type: string
# ZAP_MAX_DURATION:
# required: true
# type: string
# ZAP_GCP_PUBLISH:
# required: true
# type: boolean
# ZAP_GCP_PROJECT:
# required: false
# type: string
# ZAP_GCP_BUCKET:
# required: false
# type: string
# secrets:
# GCP_SA_KEY:
# required: false
# jobs:
# owasp-scan:
# runs-on: ubuntu-latest
# name: owasp-scan
# steps:
# - name: Checkout repository
# uses: actions/checkout@v2
# - name: Set up Python
# uses: actions/setup-python@v4
# with:
# python-version: '3.9'
# - name: Set up Cloud SDK
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# uses: google-github-actions/setup-gcloud@v1
# with:
# project_id: ${{ inputs.ZAP_GCP_PROJECT }}
# service_account_key: ${{ secrets.GCP_SA_KEY }}
# export_default_credentials: true
# - name: ZAP Base Scan
# if: ${{ inputs.ZAP_SCAN_TYPE == 'base' }}
# uses: zaproxy/action-baseline@v0.6.1
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# docker_name: 'owasp/zap2docker-stable'
# target: ${{ inputs.ZAP_TARGET_URL }}
# rules_file_name: '.zap/rules.tsv'
# cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
# issue_title: OWAP Baseline
# - name: ZAP Full Scan
# if: ${{ inputs.ZAP_SCAN_TYPE == 'full' }}
# uses: zaproxy/action-full-scan@v0.3.0
# with:
# token: ${{ secrets.GITHUB_TOKEN }}
# docker_name: 'owasp/zap2docker-stable'
# target: ${{ inputs.ZAP_TARGET_URL }}
# rules_file_name: '.zap/rules.tsv'
# cmd_options: '-a -d -T ${{ inputs.ZAP_MAX_DURATION }} -m ${{ inputs.ZAP_DURATION }}'
# - name: Create Artifact Directory
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# mkdir -p public/zap
# - name: Publish Reports to Github
# uses: actions/download-artifact@v2
# with:
# name: zap_scan
# path: public/zap
# - name: Rename Markdown
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# mv public/zap/report_md.md public/zap/README.md
# - name: ZAP Results
# uses: JamesIves/github-pages-deploy-action@4.1.6
# with:
# branch: zap-scan
# folder: public/zap
# - name: GCP Publish Results URL
# if: ${{ inputs.ZAP_GCP_PUBLISH }}
# run: |
# echo "$GCP_SA_KEY" > gcp-sa-key.json
# gsutil mb gs://${{ inputs.ZAP_GCP_BUCKET }} || echo "Bucket already exists..."
# gsutil cp public/zap/report_html.html gs://${{ inputs.ZAP_GCP_BUCKET }}
# echo "URL expires in 10 minutes..."
# gsutil signurl -d 10m gcp-sa-key.json gs://${{ inputs.ZAP_GCP_BUCKET }}/report_html.html
# env:
# GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }}