diff --git a/.github/workflows/zaproxy.yml b/.github/workflows/zaproxy.yml
index d29660eb9..b64dabc11 100644
--- a/.github/workflows/zaproxy.yml
+++ b/.github/workflows/zaproxy.yml
@@ -31,9 +31,17 @@ jobs:
         python3 wis2box-ctl.py execute wis2box metadata station add-topic --territory-name $TERRITORY  $CHANNEL
         python3 wis2box-ctl.py execute wis2box data ingest -mdi $DISCOVERY_METADATA_ID -p $TEST_DATA
         sleep 10
-    - name: ZAP baseline Scan
+    - name: ZAP baseline Scan on UI 🕵️‍♂️
       uses: zaproxy/action-baseline@v0.12.0
       with:
         target: 'http://localhost'
         rules_file_name: '.zap/rules.tsv'
+        allow_issue_writing: 'false'
+    - name: ZAP baseline Scan on wis2box-webapp 🕵️‍♂️
+      uses: zaproxy/action-baseline@v0.12.0
+      env:
+        ZAP_AUTH_HEADER_VALUE: "Basic d2lzMmJveC11c2VyOndpczJib3h0ZXN0MTIzCg==" # wis2box-user:wis2boxtest123, testing only
+      with:
+        target: 'http://localhost/wis2box-webapp'
+        rules_file_name: '.zap/rules.tsv'
         allow_issue_writing: 'false'
\ No newline at end of file