Skip to content

gql.f5labs.dev - ZAP Baseline Scan #505

gql.f5labs.dev - ZAP Baseline Scan

gql.f5labs.dev - ZAP Baseline Scan #505

name: "gql.f5labs.dev - ZAP Baseline Scan"
on:
workflow_dispatch:
schedule:
- cron: "15 00 * * *"
# Declare default permissions as read only.
permissions: read-all
jobs:
zap-baseline:
name: "ZAP Baseline Scan"
runs-on: ubuntu-latest
permissions:
# Needed to write to Issues.
issues: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "ghcr.io/zaproxy/zaproxy:stable"
target: "https://gql.f5labs.dev"
issue_title: "gql.f5labs.dev - OWASP ZAP Baseline Scan"
fail_action: "true"
cmd_options: "-I"