Skip to content

Add ZAP baseline scan to CI #47

Add ZAP baseline scan to CI

Add ZAP baseline scan to CI #47

Workflow file for this run

name: DAST Scan
on:
pull_request:
push:
branches:
- qa/**
- stable/**
- dev/owasp-zap-ci
jobs:
dynamic-analysis:
runs-on: ubuntu-22.04
strategy:
fail-fast: false
name: ZAP Baseline Test - Docker AtoM
env:
COMPOSE_FILE: ${{ github.workspace }}/docker/docker-compose.dev.yml
steps:
- name: Check out code
uses: actions/checkout@v4
- name: Create Docker Network
run: |
docker network create zap_network
- name: Build and Run AtoM Docker Containers
run: |
docker compose up -d
docker network connect zap_network $(docker compose ps -q atom)
docker network connect zap_network $(docker compose ps -q nginx)
- name: Run Setup Commands in AtoM Container
run: |
docker exec $(docker compose ps -q atom) /bin/sh -c "npm install -g 'less@<4.0.0' && make -C plugins/arDominionPlugin && make -C plugins/arArchivesCanadaPlugin && npm run build"
- name: Run tools:purge in AtoM Container
run: |
docker exec $(docker compose ps -q atom) php -d memory_limit=-1 symfony tools:purge --demo
- name: OWASP ZAP baseline scan
uses: zaproxy/[email protected]
with:
target: 'http://localhost:63001'
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
allow_issue_writing: false
cmd_options: '-a -r report_html.html -l WARN'
- name: Clean Up Docker Containers
run: |
docker compose down
docker network rm zap_network