Merge pull request #661 from WHOIGit/automated_tests

Automated tests
WHOIGit · May 22, 2024 · 199b398 · 199b398
2 parents 411b2a0 + 12cd35b
commit 199b398
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 10 deletions.
diff --git a/.github/workflows/zap-publish-image-rdb.yml b/.github/workflows/zap-publish-image-rdb.yml
@@ -16,7 +16,7 @@ jobs:
     name: OWASP
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Build RDB project 
         run: |
           
@@ -47,7 +47,10 @@ jobs:
           docker-compose -f docker-compose-testing.yml up --detach
           sh -c "until curl -Is http://localhost:8000; do echo 'waiting for http://localhost:8000'; sleep 10; done"
 
-          # Run OWASP ZAP Full Scan
+          # Pull the OWASP ZAP Docker Image
+          docker pull zaproxy/zap-stable
+
+          # Run OWASP ZAP Scan
           pwd
           cp .github/zap/rdb.context .
           ls
@@ -56,20 +59,20 @@ jobs:
 
           docker run --network roundabout-network \
              -v "/$(pwd):/zap/wrk/:rw" \
-             -t owasp/zap2docker-stable zap-baseline.py -j \
+             -t zaproxy/zap-stable zap-baseline.py -j \
              -t http://django:8000 \
              -I   \
              -d \
              -r rdb-zap-baseline-scan.html \
              -n rdb.context \
              -U admin
 
-         # -t owasp/zap2docker-stable zap-baseline.py -j  \  no high alerts
-         # -t owasp/zap2docker-stable zap-full-scan.py \ runs 6+ hrs and timesout, includes high alerts
-         # -t owasp/zap2docker-weekly zap-full-scan.py -j  \ runs for 6+ hours - times out
+         # -t zaproxy/zap-stable zap-baseline.py -j  \  no high alerts
+         # -t zaproxy/zap-stable zap-full-scan.py \ runs 6+ hrs and timesout, includes high alerts
+         # -t zaproxy/zap-weekly zap-full-scan.py -j  \ runs for 6+ hours - times out
 
       - name: Archive production artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: Zap Report
           path: |
@@ -85,7 +88,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Running Automated tests
         run:  |

diff --git a/compose/local/tests/Dockerfile b/compose/local/tests/Dockerfile
@@ -8,8 +8,6 @@ ARG DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y --no-install-recommends apt-utils
 RUN apt-get update
 
-RUN apt-get install curl -y && apt-get install npm -y
-
 RUN apt-get install -y wget && apt install -y unzip
 
 # At root dir
@@ -35,6 +33,7 @@ RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesourc
      | tee /etc/apt/sources.list.d/nodesource.list
 RUN apt-get update
 RUN apt-get install nodejs -y
+RUN apt-get install curl -y && apt-get install npm -y
 
 # npm WARN EBADENGINE package: '[email protected]' with Node 12.x
 RUN npm install [email protected]