Skip to content

Nightly Security Analysis #852

Nightly Security Analysis

Nightly Security Analysis #852

Workflow file for this run

name: Nightly Security Analysis
on:
workflow_dispatch:
schedule:
# cron format: 'minute hour dayofmonth month dayofweek'
# this will run at 8AM UTC every day (3am EST / 4am EDT)
- cron: '0 8 * * *'
jobs:
dast-scan:
name: OWASP Zap Scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Run OWASP Zap Scan on staging
uses: zaproxy/action-full-scan@75ee1686750ab1511a73b26b77a2aedd295053ed # v0.12.0
with:
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://stg.ops.opre.acf.gov/'
allow_issue_writing: false
fail_action: false
cmd_options: '-I'
## Manually reviewed the action, and validated it performs basic
## conversion from zap.json to zap.sarif.
## Reviewed by tdonaworth 08.09.2022
- name: Create sarif file from zaproxy results
uses: SvanBoxel/zaproxy-to-ghas@cfc77481d74a17a4c3d6b753aa9d7abef453d501 # v1.0.2
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3
with:
sarif_file: results.sarif