SCANNER (Tentative name 😅)
This is a basic multi-part security scanning pipeline.
The FLOW
GitHub Action (local) --> Docker - OWASP ZAP Scan --> Parser --> Jira
The SEQUENCE
- ZAP Scan - Baseline
- JSON Parser
- Jira Issue Creator
The Process
- Running OWASP ZAP Scan
  - The ZAP scan will be run locally from a Docker image to have full control of its parameters
  - This is the guide for running scans: https://www.zaproxy.org/docs/docker/about/
  - If you want to run it locally via GitHub Actions, you need to configure this: https://github.com/nektos/act
- Parsing the Results
  - Parsing the JSON results from the ZAP scan using a Python script - 2_json_parser.py
- Creating Jira Issues
  - The parsed results will then be attached to a Jira issue which is opened by a Python script - 3_jira_issue_creator.py
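As an added example (not the repository's 2_json_parser.py or 3_jira_issue_creator.py), here are the parsing and issue-building stages in one Python script: it reads a report in ZAP's traditional JSON layout (site[].alerts[] with riskcode 0-3 as strings), keeps findings at or above a risk threshold, and builds one Jira REST `fields` payload per alert type. The report contents, the `SEC` project key and the priority names are constructed assumptions, and nothing is sent to Jira.

```python
"""Parse a ZAP traditional JSON report and build Jira issue payloads, offline."""
import json
import re
# Constructed sample shaped like ZAP's traditional JSON report (fields trimmed).
SAMPLE_REPORT = json.dumps({"@programName": "OWASP ZAP", "site": [{
    "@name": "https://app.example.test", "alerts": [
        {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
         "riskcode": "1", "confidence": "2", "riskdesc": "Low (Medium)", "cweid": "693",
         "solution": "<p>Set a Content-Security-Policy header.</p>",
         "instances": [{"uri": "https://app.example.test/", "method": "GET"},
                       {"uri": "https://app.example.test/login", "method": "GET"}]},
        {"pluginid": "40012", "name": "Cross Site Scripting (Reflected)",
         "riskcode": "3", "confidence": "2", "riskdesc": "High (Medium)", "cweid": "79",
         "solution": "<p>Context-encode all untrusted output.</p>",
         "instances": [{"uri": "https://app.example.test/search?q=x", "method": "GET", "param": "q"}]},
        {"pluginid": "10027", "name": "Information Disclosure - Suspicious Comments",
         "riskcode": "0", "confidence": "1", "riskdesc": "Informational (Low)", "cweid": "200",
         "solution": "<p>Remove debugging comments.</p>",
         "instances": [{"uri": "https://app.example.test/app.js", "method": "GET"}]}]}]})
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}
JIRA_PRIORITY = {0: "Lowest", 1: "Low", 2: "Medium", 3: "High"}  # assumed Jira priority scheme

def parse_alerts(report_text):
    """Flatten every site's alerts; riskcode and confidence are strings in the report."""
    alerts = []
    for site in json.loads(report_text).get("site", []):
        for a in site.get("alerts", []):
            alerts.append({"site": site.get("@name", ""), "pluginid": a["pluginid"],
                           "name": a["name"], "risk": int(a["riskcode"]),
                           "confidence": int(a.get("confidence", 0)), "cweid": a.get("cweid", ""),
                           "solution": re.sub(r"<[^>]+>", "", a.get("solution", "")),  # drop HTML
                           "instances": a.get("instances", [])})
    return alerts

def build_jira_issues(alerts, project_key="SEC", min_risk=1):
    """One issue per alert type at or above min_risk, highest risk first."""
    issues = []
    for a in sorted(alerts, key=lambda x: -x["risk"]):
        if a["risk"] < min_risk:
            continue  # informational findings stay out of the tracker by default
        urls = "\n".join(f"- {i.get('method', '')} {i['uri']}" + (f" (param: {i['param']})" if i.get("param") else "")
                         for i in a["instances"])
        issues.append({"fields": {
            "project": {"key": project_key}, "issuetype": {"name": "Bug"},
            "priority": {"name": JIRA_PRIORITY[a["risk"]]},
            "labels": ["zap", f"zap-{a['pluginid']}", f"cwe-{a['cweid']}"],  # stable key for re-run dedupe
            "summary": f"[ZAP][{RISK_NAMES[a['risk']]}] {a['name']} on {a['site']}",
            "description": f"ZAP plugin {a['pluginid']} (CWE-{a['cweid']}).\n\nAffected:\n{urls}\n\nSolution: {a['solution']}"}})
    return issues
```

The `zap-<pluginid>` label gives a stable key to search for an existing issue before creating a new one, so a repeated baseline scan does not open duplicates.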