-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
8d1e2d2
commit 2b35836
Showing
2 changed files
with
21 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,6 @@ | ||
| name: Run ZAP Baseline Scan ⚙️ | ||
|
|
||
| on: [ push, pull_request ] | ||
| on: [ push ] | ||
|
|
||
| jobs: | ||
| main: | ||
|
|
@@ -35,4 +35,4 @@ jobs: | |
| uses: zaproxy/[email protected] | ||
| with: | ||
| target: 'http://localhost' | ||
| #rules_file_name: '.zap/rules.tsv' | ||
| rules_file_name: '.zap/rules.tsv' | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| 10202 IGNORE Absence of Anti-CSRF Tokens Medium | ||
| 10038 IGNORE Content Security Policy (CSP) Header Not Set Medium | ||
| 10098 IGNORE Cross-Domain Misconfiguration Medium | ||
| 10020 IGNORE Missing Anti-clickjacking Header Medium | ||
| 90003 IGNORE Sub Resource Integrity Attribute Missing Medium | ||
| 90022 IGNORE Application Error Disclosure Medium | ||
| 10054 IGNORE Cookie with SameSite Attribute None Low | ||
| 10017 IGNORE Cross-Domain JavaScript Source File Inclusion Low | ||
| 10023 IGNORE Information Disclosure - Debug Error Messages Low | ||
| 10063 IGNORE Permissions Policy Header Not Set Low | ||
| 10037 IGNORE "Server Leaks Information via ""X-Powered-By"" HTTP Response Header Field(s)" Low | ||
| 10096 IGNORE Timestamp Disclosure - Unix Low | ||
| 10021 IGNORE X-Content-Type-Options Header Missing Low | ||
| 10027 IGNORE Information Disclosure - Suspicious Comments Informational | ||
| 90033 IGNORE Loosely Scoped Cookie Informational | ||
| 10109 IGNORE Modern Web Application Informational | ||
| 10049 IGNORE Non-Storable Content Informational | ||
| 10112 IGNORE Session Management Response Identified Informational | ||
| 10049 IGNORE Storable and Cacheable Content Informational |