Skip to content

Commit

Permalink
ci(owasp-dast): added workflow for DAST
Browse files Browse the repository at this point in the history
  • Loading branch information
tom-rm-meyer-ISST committed Feb 17, 2024
1 parent 753580c commit 9da0030
Showing 1 changed file with 111 additions and 0 deletions.
111 changes: 111 additions & 0 deletions .github/workflows/owasp-dast.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,111 @@
#
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#
name: ZAP_ALL

on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:

jobs:
zap_scan1:
runs-on: ubuntu-latest
name: OWASP ZAP API Scan

steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
ref: main
fetch-depth: 0

- name: MAD Test
id: mad_test
run: |
# Perform API Test 1 and capture the response
response=$(curl -w "%{http_code}" -v GET https://puris-customer.int.demo.catena-x.net/catena/materials --header "X-Api-Key: ${{ secrets.API_KEY }}")
echo "Response: $response"
- name: Stock View Test
id: stock_view_test
run: |
# Perform API Test 3 and capture the response
response=$(curl -X GET https://puris-customer.int.demo.catena-x.net/catena/stockView/product-stocks --header "X-Api-Key: ${{ secrets.API_KEY }}")
echo "Response: $response"
- name: Generating report skeletons
if: success() || failure()
run: |
touch API_report.html
chmod a+w API_report.html
ls -lrt
- name: Run ZAP API scan
run: |
set +e
echo "Pulling ZAP image..."
docker pull ghcr.io/zaproxy/zaproxy:stable -q
echo "Starting ZAP Docker container..."
docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t https://puris-customer.int.demo.catena-x.net -f openapi -r API_report.html -T 1
echo "... done."
- name: Upload HTML report
if: success() || failure()
uses: actions/upload-artifact@v3
with:
name: ZAP_API scan report
path: ./API_report.html
retention-days: 1

zap_scan2:
runs-on: ubuntu-latest
name: OWASP ZAP FULL Scan
steps:
- name: Checkout
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
with:
ref: main

- name: Generating report skeletons
if: success() || failure()
run: |
touch fullscan_report.html
chmod a+w fullscan_report.html
ls -lrt
- name: Perform ZAP FULL scan
run: |
set +e
echo "Pulling ZAP image..."
docker pull ghcr.io/zaproxy/zaproxy:stable -q
echo "Starting ZAP Docker container..."
docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://knowledge.dev.demo.catena-x.net -r fullscan_report.html -T 1
echo "... done."
- name: Upload HTML report
if: success() || failure()
uses: actions/upload-artifact@v3
with:
name: ZAP_FULL scan report
path: ./fullscan_report.html
retention-days: 1

0 comments on commit 9da0030

Please sign in to comment.