pen-testing-api.yml
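---
# OWASP ZAP API scans (GraphQL and REST) against a deployed Amplication server.
# Manually dispatched; the monthly schedule is kept commented out for reference.
name: API Penetration testing

on:  # yamllint disable-line rule:truthy
  # schedule:
  #   - cron: '0 0 1 * *'
  workflow_dispatch:
    inputs:
      target:
        description: 'URL target of the pen testing'
        required: true
        # NOTE(review): whoever dispatches this workflow picks the host, and
        # AMPLICATION_BOT_TOKEN is sent as an auth header to that host
        # (ZAP_AUTH_HEADER_SITE below is this same input). Consider
        # `type: choice` with an allow-list of sandbox URLs so the token can
        # only ever be sent to known environments.
        default: 'https://server.amplication-sandbox.com'

# Least privilege for GITHUB_TOKEN instead of the repository default.
# checkout needs contents: read; the ZAP action files/updates a results issue
# by default (allow_issue_writing), which needs issues: write — drop it if
# issue writing is disabled.
permissions:
  contents: read
  issues: write

jobs:
  zap_scan_graphql:
    runs-on: ubuntu-latest
    name: Scan the graphql API
    steps:
      # Provides amplication.conf (rules) and amplication.context (ZAP
      # context) that the scan step reads from the workspace.
      - name: Checkout
        uses: actions/checkout@v4
      - name: ZAP Scan
        # The version pin was lost in the rendered page ("[email protected]").
        # Restore it — preferably a full commit SHA rather than a tag, so a
        # moved tag cannot change what runs with the bot token in scope.
        uses: zaproxy/action-api-scan@<RESTORE_PINNED_VERSION_OR_COMMIT_SHA>
        with:
          target: '${{ github.event.inputs.target }}/graphql'
          format: graphql
          # -T 30: cap scan time at 30 minutes; -n: ZAP context file from checkout.
          cmd_options: '-T 30 -n amplication.context'
          rules_file_name: 'amplication.conf'
        env:
          ZAP_AUTH_HEADER_VALUE: ${{ secrets.AMPLICATION_BOT_TOKEN }}
          # Restricts the auth header to requests for this site only.
          ZAP_AUTH_HEADER_SITE: ${{ github.event.inputs.target }}

  zap_scan_rest:
    runs-on: ubuntu-latest
    name: Scan the REST API
    steps:
      # Same checkout: rules and context files must be present in the workspace.
      - name: Checkout
        uses: actions/checkout@v4
      - name: ZAP Scan
        # Same pin as the GraphQL job; keep the two in lockstep.
        uses: zaproxy/action-api-scan@<RESTORE_PINNED_VERSION_OR_COMMIT_SHA>
        with:
          # /api-json is the OpenAPI definition served by the target.
          target: '${{ github.event.inputs.target }}/api-json'
          format: openapi
          cmd_options: '-T 30 -n amplication.context'
          rules_file_name: 'amplication.conf'
        env:
          ZAP_AUTH_HEADER_VALUE: ${{ secrets.AMPLICATION_BOT_TOKEN }}
          ZAP_AUTH_HEADER_SITE: ${{ github.event.inputs.target }}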