ZAP Check - Dev #112

	name: ZAP Check - Dev

	on:
	schedule:
	# Runs daily at 4am
	- cron: "0 4 * * *"

	jobs:

	security-checks-dev:
	name: Run security checks against dev
	runs-on: ubuntu-22.04
	environment: development
	# Permissions for OIDC authentication
	permissions:
	id-token: write
	contents: write
	issues: write
	steps:
	- name: Check out repository
	uses: actions/checkout@v4

	# Login to Azure using OIDC
	- name: Login to Azure CLI
	uses: azure/login@v2
	with:
	client-id: ${{ secrets.AZURE_CLIENT_ID }}
	tenant-id: ${{ secrets.AZURE_TENANT_ID }}
	subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

	# Change app setting for security scan
	- name: Change the IsPublic flag
	run: \|
	az webapp config appsettings set --resource-group ${{ vars.RESOURCE_NAME_PREFIX }}-rg --name ${{ vars.WEBAPP_NAME }} --settings ServiceAccess__IsPublic=true

	# Run full ZAP scan
	- name: ZAP Scan
	uses: zaproxy/[email protected]
	with:
	token: ${{ secrets.GITHUB_TOKEN }}
	docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
	target: https://${{ vars.WEBAPP_NAME }}.azurewebsites.net
	allow_issue_writing: false
	artifact_name: full_scan_dev

	# Reset app setting following security scan
	- name: Reset the IsPublic flag
	run: \|
	az webapp config appsettings set --resource-group ${{ vars.RESOURCE_NAME_PREFIX }}-rg --name ${{ vars.WEBAPP_NAME }} --settings ServiceAccess__IsPublic=false

Provide feedback