-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdevopsshield-dast-zed-attack-proxy-zap.yml
More file actions
61 lines (52 loc) · 2.62 KB
/
devopsshield-dast-zed-attack-proxy-zap.yml
File metadata and controls
61 lines (52 loc) · 2.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# Last applied at: Tue, 14 Jan 2025 00:38:08 GMT
# DevOps Shield - The ultimate DevSecOps platform designed to secure your DevOps.
# https://devopsshield.com
##############################################################
# This is a DevOps Shield - Application Security - Code Security Template.
# This workflow template uses actions that are not certified by DevOps Shield.
# They are provided by a third-party and are governed by separate terms of service, privacy policy, and support documentation.
# Use this workflow template for integrating code security into your pipelines and workflows.
# DevOps Shield Workflow Template Details:
# ------------------------------------------------------------
# Code: GH_DAST_Zed_Attack_Proxy_ZAP
# Name: Zed Attack Proxy (ZAP) Penetration Testing
# DevSecOpsControls: DAST
# Provider: Checkmarx
# Categories: Code Scanning, Penetration Testing
# Description:
# Zed Attack Proxy (ZAP) by Checkmarx is a free, open-source penetration testing tool.
# ZAP is designed specifically for testing web applications and is both flexible and extensible.
# Automate with ZAP. ZAP provides range of options for security automation.
# The world's most widely used web app scanner. Free and open source. A community based GitHub Top 1000 project that anyone can contribute to.
# A GitHub Action for running the ZAP Full Scan to perform Dynamic Application Security Testing (DAST).
# The ZAP full scan action runs the ZAP spider against the specified target (by default with no time limit) followed by an optional ajax spider scan and then a full active scan before reporting the results.
# WARNING this action will perform attacks on the target website. You should only scan targets that you have permission to test.
# Read the official documentation to find out more.
# For more information:
# https://www.zaproxy.org/
# https://www.zaproxy.org/docs/
# https://github.com/zaproxy/
# https://www.zaproxy.org/docs/automate/
# https://www.zaproxy.org/docs/guides/zapping-the-top-10-2021/
# ------------------------------------------------------------
# Source repository: https://github.com/zaproxy/action-full-scan
##############################################################
name: Zed Attack Proxy (ZAP) Full Scan
on:
push:
branches: [ main ]
schedule:
- cron: 0 0 * * 0
jobs:
zap_scan:
name: ZAP Full Scan
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Run ZAP Scan
uses: zaproxy/action-full-scan@v0.12.0
id: zap
with:
target: 'https://www.zaproxy.org/'