-
-
Notifications
You must be signed in to change notification settings - Fork 210
34 lines (29 loc) · 929 Bytes
/
security.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
name: Perform Security Audit with ZAProxy
# Use ZAP Proxy to perform a full scan of the production site.
on:
# manually trigger workflow
workflow_dispatch:
# Listen for Production deployments
workflow_run:
workflows: [pages-build-deployment]
types:
- completed
jobs:
zap_scan:
runs-on: ubuntu-latest
name: Scan Production Site
steps:
- name: Set Date (NOW) as Variable
id: set-now
run: |
echo "NOW=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"
- name: Checkout Repo for .zap/rules.tsv
uses: actions/checkout@v4
- name: ZAP Full Scan
# https://github.com/zaproxy/action-full-scan
uses: zaproxy/[email protected]
with:
target: 'https://chitchatter.im/'
rules_file_name: '.zap/rules.tsv'
artifact_name: 'zap_scan_${{ steps.set-now.outputs.NOW }}'
allow_issue_writing: false