test-security-zap.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
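---
# Dynamic application security test (DAST): builds the application, starts it
# locally with the `test` Spring profile and runs an OWASP ZAP scan against it.
name: ZAP
on: [push]

# Least privilege: the workflow token only gets read access to repository
# contents. Enabling `allow_issue_writing` below would additionally require
# `issues: write`.
permissions:
  contents: read

jobs:
  test-security:
    name: ZAP
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are referenced by mutable tag; pinning each `uses:`
      # to a full commit SHA protects the job against a retagged release.
      - uses: actions/checkout@v4
        with:
          # Later steps run the freshly built application and a third-party
          # scanner; do not leave the checkout token in the local git config.
          persist-credentials: false
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: "21"
          distribution: "oracle"
      # Tests, dependency-check and CycloneDX are skipped here; this job only
      # needs a runnable build for the scan.
      - name: Clean install
        run: ./mvnw --no-transfer-progress clean install -DskipTests -Ddependency-check.skip -Dcyclonedx.skip=true -Dexec.skip
      # Started in the background so the following steps can reach it.
      - name: Start application
        run: ./mvnw spring-boot:run -Dspring-boot.run.profiles=test &
      - name: Wait till application is up
        run: |
          # Bounded wait (60 attempts, 5 s apart). The original `until` loop
          # never gave up, so a failed start-up kept the runner busy until the
          # job-level timeout and hid the real cause of the failure.
          for attempt in $(seq 1 60); do
            if curl --output /dev/null --silent --head --fail --max-time 5 http://localhost:8080; then
              exit 0
            fi
            printf '.'
            sleep 5
          done
          echo "Application did not become ready in time" >&2
          exit 1
      - name: ZAP Scan
        # NOTE(review): this reference was mangled by the page's e-mail
        # obfuscation ("[email protected]" replaces the original
        # `<action-name>@<version>`); restore it from the repository before use.
        uses: zaproxy/[email protected]
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # Findings are not written to GitHub issues, which matches the
          # read-only token permissions above.
          allow_issue_writing: false
          # `stable` is a moving tag; pin the image by digest if scan results
          # must be reproducible between runs.
          docker_name: "ghcr.io/zaproxy/zaproxy:stable"
          # The scan only targets the instance started on this runner.
          target: "http://localhost:8080"
          # Per-rule IGNORE/WARN/FAIL overrides kept in the repository.
          rules_file_name: zap/rule-config.tsv
          # Fail the job when the scan reports alerts, so findings block the
          # push instead of being silently logged.
          fail_action: true
          # -z passes the quoted options to ZAP itself (here an options file in
          # the mounted working directory); -a also enables alpha-quality rules.
          cmd_options: '-z "-configFile /zap/wrk/zap/options.conf" -a'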