chore: add pen-testing.yml

.github/workflows/pen-testing.yml

@@ -0,0 +1,25 @@
+name: Penetration testing
+on: 
+  # schedule:
+  #   - cron: '0 0 1 * *'
+  workflow_dispatch:
+    inputs:
+      target:
+        description: 'URL target of the pen testing'
+        required: true
+        default: 'https://app.amplication-sandbox.com'
+
+jobs:
+  zap_scan:
+    runs-on: ubuntu-latest
+    name: Scan the webapplication
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: ZAP Scan
+        uses: zaproxy/[email protected]
+        with:
+          target: 'https://app.amplication.com/'
+        env:
+          ZAP_AUTH_HEADER_VALUE: ${{ secrets.AMPLICATION_BOT_TOKEN }}
+          ZAP_AUTH_HEADER_SITE: ".amplication.com"