Skip to content

bank.f5labs.dev - ZAP Full Scan #55

bank.f5labs.dev - ZAP Full Scan

bank.f5labs.dev - ZAP Full Scan #55

name: "bank.f5labs.dev - ZAP Full Scan"
on:
workflow_dispatch:
schedule:
- cron: "15 00 * * 6"
# Declare default permissions as read only.
permissions: read-all
jobs:
zap-baseline:
name: "ZAP Full Scan"
runs-on: ubuntu-latest
permissions:
# Needed to write to Issues.
issues: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "ghcr.io/zaproxy/zaproxy:stable"
target: "https://bank.f5labs.dev"
issue_title: "bank.f5labs.dev - OWASP ZAP Full Scan"
fail_action: "true"
cmd_options: "-I"