-
Notifications
You must be signed in to change notification settings - Fork 2
41 lines (36 loc) · 1.63 KB
/
ZAP2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
name: ZAP full scan
on: [push]
jobs:
zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: main
- name: Setup Python 3.11
uses: actions/setup-python@v2
with:
python-version: 3.11
- name: Launch WebScripts
run: |
mkdir WebScripts/hardening
echo "{}" > WebScripts/hardening/logs_checks.json
echo "{}" > WebScripts/hardening/uploads_file_integrity.json
echo "{}" > WebScripts/hardening/webscripts_file_integrity.json
echo "{}" > WebScripts/hardening/audit.html
echo "{}" > WebScripts/hardening/audit.txt
echo "{}" > WebScripts/hardening/audit.json
python3.11 -c "import json as j,os;f=os.path.join('WebScripts','config','server.json');d=j.load(open(f));d['server']['force_file_permissions']=False;j.dump(d,open(f,'w'))"
python3.11 -c "import os;f=os.path.join('WebScripts','WebScripts.py');d=open(f).read().replace('force_file_permissions = True','force_file_permissions=False');open(f,'w').write(d)"
python3.11 -m WebScripts --security --accept-unauthenticated-user --accept-unknow-user --blacklist-time 0 --auth-failures-to-blacklist 99999 &
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.2.0
with:
docker_name: 'owasp/zap2docker-stable'
target: 'http://127.0.0.1:8000'
cmd_options: '-a'
fail_action: false
allow_issue_writing: false
issue_title: "ZAP report"