add Zap Scan and Sonar

.github/workflows/deploy-dev.yml

@@ -4,7 +4,7 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - main
+      - aldudinn
     paths-ignore:
       - database/**
       - package.json
@@ -89,12 +89,12 @@ jobs:
           ng test --watch=false --progress=false --browsers=ChromeHeadless --code-coverage --source-map=false
         continue-on-error: true
 
-    #  # SonarQube integration frontend
-    #   - name: SonarQube Scan
-    #     uses: sonarsource/sonarcloud-github-action@v2
-    #     env:
-    #       SONAR_HOST_URL: https://sonarcloud.io
-    #       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}
+     # SonarQube integration frontend
+      - name: SonarQube Scan
+        uses: sonarsource/sonarcloud-github-action@v2
+        env:
+          SONAR_HOST_URL: https://sonarcloud.io
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_TEST }}
 
   docker-build-backend:
     needs: [build-backend]
@@ -179,4 +179,22 @@ jobs:
         ENV_NAME=dev \
         IMAGE_TAG_FRONTEND=latest \
         IMAGE_TAG_BACKEND=latest \
-      working-directory: ./helm/main
+      working-directory: ./helm/main
+
+  scan:
+    steps:
+    - name: Run ZAP Scan
+      uses: zaproxy/[email protected]
+      with:
+        target: 'https://dev-strdata.apps.advsol-ams.3j6z.p1.openshiftapps.com/'
+      env:
+        TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Fail build on any alerts
+      run: |
+        if grep -q "FAIL-NEW: 0" zap.out; then
+          echo "No new alerts found"
+        else
+          echo "New alerts found, failing build"
+          exit 1
+        fi