baseline-scan-wf.yml
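# Runs the ZAP baseline scan in three variants: plain, with an HTML report,
# and with a scan-hooks file. Per the ZAP docs linked on each job, the
# baseline scan spiders the target and runs passive checks only.
name: "ZAP - Baseline Scan"
on:
  push:
    branches: [main]
  schedule:
    # 00:00 UTC on the first day of every month.
    - cron: '0 0 1 * *'

# Least privilege: no job writes to the repository, so the GITHUB_TOKEN only
# needs read access to contents.
permissions:
  contents: read

# Supply-chain notes that apply to every job below:
# - actions/checkout is referenced by tag. Prefer a full commit SHA
#   (actions/checkout@<full-commit-sha>), since a tag can be moved.
# - owasp/zap2docker-stable is pulled by its mutable default tag, so each run
#   may execute a different image. Pin by digest
#   (owasp/zap2docker-stable@sha256:<digest>) once an image has been vetted.
#   NOTE(review): the ZAP project appears to publish its images under other
#   names now; confirm the current image name in the ZAP Docker docs.
jobs:
  # https://www.zaproxy.org/docs/docker/baseline-scan/
  ubuntu-latest-zap-Baseline-job:
    name: "ZAP - Baseline Scan"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; no later step pushes.
          persist-credentials: false
      - name: "os fingerprinting"
        run: hostnamectl status
      - name: "ZAP - Baseline Scan"
        run: |
          # zap-baseline.py exit codes: 0 = success, 1 = at least one FAIL,
          # 2 = at least one WARN (and no FAIL), 3 = any other failure.
          # "Process completed with exit code 2" therefore means the scan ran
          # and reported warnings; it is a finding, not a tool error.
          # Triage the warnings with a rules file (-c) or, if warnings must
          # not fail the job, pass -I. Neither is applied here, so the job
          # keeps failing while warnings exist.
          docker run -t owasp/zap2docker-stable \
            zap-baseline.py -t http://testphp.vulnweb.com
          # Earlier attempts, kept for reference. Discarding the output does
          # not change the exit status:
          # Error: Process completed with exit code 2.
          # docker run -t owasp/zap2docker-stable \
          #   zap-baseline.py -t http://testphp.vulnweb.com >/dev/null
          # Error: Process completed with exit code 3
          # docker run -t --rm owasp/zap2docker-stable sh -c "zap-baseline.py -t http://testphp.vulnweb.com 2>/dev/null"

  # https://www.zaproxy.org/docs/docker/baseline-scan/
  ubuntu-latest-zap-Baseline-report-job:
    name: "ZAP - Baseline Scan report"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; no later step pushes.
          persist-credentials: false
      - name: "os fingerprinting"
        run: hostnamectl status
      - name: "ZAP - Baseline Scan report"
        run: |
          # -g writes a default rules file and -r an HTML report, both into
          # /zap/wrk. The container's default user is not the runner's user,
          # so the mounted directory must be writable by others or the scan
          # stops with PermissionError (exit code 3).
          # A scratch directory is mounted instead of the whole checkout, so
          # the container sees only what the scan needs and the relaxed
          # permissions stay confined to that directory.
          # The report stays on the ephemeral runner unless a later step
          # uploads zap-wrk/ as an artifact.
          mkdir -p zap-wrk
          chmod a+rwx zap-wrk
          docker run -v "$(pwd)/zap-wrk":/zap/wrk/:rw -t owasp/zap2docker-stable \
            zap-baseline.py -t https://www.example.com -g gen.conf \
            -r testreport.html

  # https://www.zaproxy.org/docs/docker/scan-hooks/
  ubuntu-latest-zap-Baseline-hooks-job:
    name: "ZAP - Baseline Scan hooks"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config; no later step pushes.
          persist-credentials: false
      - name: "os fingerprinting"
        run: hostnamectl status
      - name: "ZAP - Baseline Scan hooks"
        run: |
          # Previously failed with:
          #   Error: Process completed with exit code 3.
          #   PermissionError: [Errno 13] Permission denied: '/zap/wrk/gen.conf'
          # sudo only elevates the docker client on the host. The process
          # inside the container still runs as the image's default user and
          # cannot write to a directory owned by the runner user. The fix is
          # a scratch directory that is writable by others; sudo is dropped.
          #
          # my-hooks.py is Python that the scan script loads and runs, so
          # review changes to it like any other code in the pipeline.
          # Assumes my-hooks.py sits at the repository root, as the original
          # mount of $(pwd) implied.
          mkdir -p zap-wrk
          cp my-hooks.py zap-wrk/
          chmod a+rwx zap-wrk
          docker run -v "$(pwd)/zap-wrk":/zap/wrk/:rw -t owasp/zap2docker-stable \
            zap-baseline.py -t https://www.example.com -g gen.conf \
            -r testreport.html --hook=/zap/wrk/my-hooks.py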