Skip to content

hapi.f5labs.dev - ZAP API Scan #315

hapi.f5labs.dev - ZAP API Scan

hapi.f5labs.dev - ZAP API Scan #315

name: "hapi.f5labs.dev - ZAP API Scan"
on:
workflow_dispatch:
schedule:
- cron: "15 00 * * *"
# Declare default permissions as read only.
permissions: read-all
jobs:
zap-api:
name: "ZAP API Scan"
runs-on: ubuntu-latest
permissions:
# Needed to write to Issues.
issues: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
with:
egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
ref: master
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "ghcr.io/zaproxy/zaproxy:stable"
format: openapi
target: tests/hapi/hapi-swagger.json
issue_title: "hapi.f5labs.dev - OWASP ZAP API Scan"
fail_action: "true"
cmd_options: "-I -S"