Skip to content

Nightly Security Analysis #767

Nightly Security Analysis

Nightly Security Analysis #767

Workflow file for this run

name: Nightly Security Analysis
on:
workflow_dispatch:
schedule:
# cron format: 'minute hour dayofmonth month dayofweek'
# this will run at 8AM UTC every day (3am EST / 4am EDT)
- cron: '0 8 * * *'
jobs:
dast-scan:
name: OWASP Zap Scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Run OWASP Zap Scan on staging
uses: zaproxy/action-full-scan@d2a07475d467566c9a3e3c700f31f47724aa1060 # v0.10.0
with:
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://stg.ops.opre.acf.gov/'
allow_issue_writing: false
fail_action: false
cmd_options: '-I'
## Manually reviewed the action, and validated it performs basic
## conversion from zap.json to zap.sarif.
## Reviewed by tdonaworth 08.09.2022
- name: Create sarif file from zaproxy results
uses: SvanBoxel/zaproxy-to-ghas@cfc77481d74a17a4c3d6b753aa9d7abef453d501 # v1.0.2
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3
with:
sarif_file: results.sarif