forked from github/codeql
code-saomiao
name: OWASP ZAP Security Scan

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    steps:
      # Step 1: Checkout the repository code
      - name: Checkout code
        uses: actions/checkout@v3

      # Step 2: Set up Java (ZAP requires Java)
      - name: Set up Java
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'adopt'

      # Step 3: Download and run OWASP ZAP
      - name: Run OWASP ZAP baseline scan
        uses: zaproxy/action-baseline@v0.6.0
        with:
          target: 'https://www.kobelcogps.com' # Replace with your target URL
          rules_file_name: '' # Optional: custom scan rules file, e.g. rules/scan-rules.tsv
          format: 'markdown' # Report format (markdown, json, etc.)
          output-file: 'www-kobelcogps-com.md' # Output file name
          fail_action: true # Fail the job if vulnerabilities are found