-
Notifications
You must be signed in to change notification settings - Fork 3
39 lines (34 loc) · 1.26 KB
/
nightly_scans.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
name: Nightly Security Analysis
on:
workflow_dispatch:
schedule:
# cron format: 'minute hour dayofmonth month dayofweek'
# this will run at 8AM UTC every day (3am EST / 4am EDT)
- cron: '0 8 * * *'
jobs:
dast-scan:
name: OWASP Zap Scan
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Run OWASP Zap Scan on staging
uses: zaproxy/action-full-scan@75ee1686750ab1511a73b26b77a2aedd295053ed # v0.12.0
with:
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://stg.ops.opre.acf.gov/'
allow_issue_writing: false
fail_action: false
cmd_options: '-I'
## Manually reviewed the action, and validated it performs basic
## conversion from zap.json to zap.sarif.
## Reviewed by tdonaworth 08.09.2022
- name: Create sarif file from zaproxy results
uses: SvanBoxel/zaproxy-to-ghas@cfc77481d74a17a4c3d6b753aa9d7abef453d501 # v1.0.2
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3
with:
sarif_file: results.sarif