SecureCodeBox Penetration Tests #9
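name: SecureCodeBox Penetration Tests

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least privilege: nothing here writes back to the repository, so the
# default GITHUB_TOKEN only needs read access to the contents.
permissions:
  contents: read

env:
  # One namespace for operator, scanner and Scan. secureCodeBox ScanTypes are
  # namespaced, so the Scan has to be created where zap-advanced is installed
  # (step 6) or the operator will not find its ScanType.
  SCB_NAMESPACE: securecodebox-system
  # Git ref of the scan manifest fetched in step 7. A branch name is mutable:
  # whoever can push to it controls what gets applied to the cluster. Replace
  # with a full commit SHA (or vendor scan.yaml in this repository and use
  # actions/checkout) to pin it.
  SCAN_MANIFEST_REF: main
  SCAN_MANIFEST_URL_BASE: https://raw.githubusercontent.com/GHARBIyasmine/SecureCodeBox-Penetration-testing

jobs:
  penetration-tests:
    runs-on: ubuntu-latest
    # Hard upper bound for the whole job; the scan wait alone is capped at 15 min.
    timeout-minutes: 40
    steps:
      # NOTE(review): the third-party actions below are pinned to tags. Tags can
      # be moved; pin each `uses:` to a full commit SHA for supply-chain safety.

      # Step 1: Set up Kubernetes Kind cluster
      - name: Set up kind cluster
        uses: engineerd/setup-kind@v0.5.0
        with:
          version: "v0.17.0"

      # Step 2: Configure kubectl
      - name: Set up kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: v1.27.1

      # Step 3: Install Helm for SecureCodeBox operator installation
      - name: Install Helm
        uses: azure/setup-helm@v1
        with:
          version: v3.8.0

      # Step 4: Deploy SecureCodeBox Operator using Helm from the OCI registry
      # NOTE(review): the OCI charts below are installed without --version, so
      # every run pulls whatever the registry currently serves. Pin a chart
      # version so a registry-side change cannot alter what runs in CI.
      - name: Deploy SecureCodeBox
        run: |
          set -euo pipefail
          helm --namespace "$SCB_NAMESPACE" upgrade --install --create-namespace \
            securecodebox-operator oci://ghcr.io/securecodebox/helm/operator

      # Step 5: Deploy Juice-Shop demo target
      - name: Deploy Juice-Shop Demo Target
        run: |
          set -euo pipefail
          # --wait: do not start the scan against a target that is still coming up.
          helm upgrade --install --wait juice-shop oci://ghcr.io/securecodebox/helm/juice-shop \
            -n "$SCB_NAMESPACE"

      # Step 6: Deploy ZAP-Advanced scanner
      - name: Deploy ZAP-Advanced Scanner
        run: |
          set -euo pipefail
          helm upgrade --install zap-advanced oci://ghcr.io/securecodebox/helm/zap-advanced \
            -n "$SCB_NAMESPACE"

      # Step 7: Initiate ZAP Scan on the Juice-Shop target
      - name: Download scan.yaml
        run: |
          set -euo pipefail
          # -f: an HTTP error must fail the step instead of saving an error page
          # as scan.yaml and applying it in the next step.
          curl -fsSL -o scan.yaml "${SCAN_MANIFEST_URL_BASE}/${SCAN_MANIFEST_REF}/scan.yaml"
          # Log what is about to be applied, since it came from a remote ref.
          cat scan.yaml

      # The manifest must not carry a conflicting metadata.namespace, or
      # kubectl rejects the apply.
      - name: Apply scan.yaml
        run: kubectl apply -n "$SCB_NAMESPACE" -f scan.yaml

      # Step 8: Wait for ZAP Scan Completion
      - name: Wait for ZAP Scan Results
        run: |
          set -euo pipefail
          # Wait on the Scan resource, not the scanner Job: the Job completes before
          # the parser runs, so findingDownloadLink may not be set yet at that point.
          # Assumes scan.yaml labels the Scan with organization=OWASP (the same
          # selector the original Job wait used).
          kubectl wait -n "$SCB_NAMESPACE" --for=jsonpath='{.status.state}'=Done \
            scan -l organization=OWASP --timeout=900s

      # Step 9: Retrieve and save the ZAP scan results
      - name: Retrieve ZAP Scan Results
        run: |
          set -euo pipefail
          # Read the link structurally; the previous grep/awk/`tail -n +2` pipeline
          # skipped the first match and returned nothing when only one Scan existed.
          finding_link=$(kubectl get scan -n "$SCB_NAMESPACE" -l organization=OWASP \
            -o jsonpath='{.items[0].status.findingDownloadLink}')
          if [ -z "$finding_link" ]; then
            echo "::error::Scan has no status.findingDownloadLink"
            exit 1
          fi
          # The link is a presigned URL: its query string is a credential. Mask it
          # instead of echoing it into a (possibly public) job log.
          echo "::add-mask::$finding_link"

          # The URL points at the in-cluster MinIO service. Forward its S3 API port
          # to the runner (port-forward blocks, so background it and clean it up).
          # Default 9000 is the MinIO S3 API; 9001 is the web console and will not
          # serve objects. The service port is assumed equal to the URL port.
          link_host=$(printf '%s' "$finding_link" | sed -nE 's#^[a-z]+://([^/:]+)(:[0-9]+)?/.*#\1#p')
          link_port=$(printf '%s' "$finding_link" | sed -nE 's#^[a-z]+://[^/:]+:([0-9]+)/.*#\1#p')
          link_port="${link_port:-9000}"
          kubectl port-forward -n "$SCB_NAMESPACE" service/securecodebox-operator-minio \
            "${link_port}:${link_port}" &
          pf_pid=$!
          trap 'kill "$pf_pid" 2>/dev/null || true' EXIT
          for _ in $(seq 1 30); do
            if (exec 3<>"/dev/tcp/127.0.0.1/${link_port}") 2>/dev/null; then break; fi
            sleep 1
          done

          # The presigned signature covers the Host header, so the URL is left
          # intact and only the TCP connection is redirected to the forwarded port.
          curl -fsSL --resolve "${link_host}:${link_port}:127.0.0.1" -o findings.json "$finding_link"

      # NOTE(review): check that upload-artifact@v3 is still accepted by GitHub;
      # v4 is the current major.
      - name: Upload findings.json artifact
        uses: actions/upload-artifact@v3
        with:
          name: findings.json
          path: findings.json
          # A missing findings file is a failed run, not a warning.
          if-no-files-found: error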