forked from eclipse-tractusx/tractusx-edc
-
Notifications
You must be signed in to change notification settings - Fork 0
123 lines (105 loc) · 4.11 KB
/
dast-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#################################################################################
# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#################################################################################
name: ZAP_ALL
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
zap_scan:
runs-on: ubuntu-latest
name: OWASP ZAP API Scan
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-memory-runtime
- name: Fetch SI TOKEN
run: ./samples/edc-dast/fetch-token.sh
- name: API Catalog Request Test
id: catalog_request
run: |
dsp_response=$(curl -w "%{http_code}" --request POST \
--url http://localhost:8282/api/v1/dsp/catalog/request \
--header "Authorization: $SI_TOKEN" \
--header 'Content-Type: application/json' \
--data '{
"@type": "dspace:CatalogRequestMessage",
"dspace:filter": {
"@type": "QuerySpec",
"limit": 50,
"offset": 0,
"sortOrder": "ASC",
"filterExpression": []
},
"@context": {
"@vocab": "https://w3id.org/edc/v0.0.1/ns/",
"edc": "https://w3id.org/edc/v0.0.1/ns/",
"tx": "https://w3id.org/tractusx/v0.0.1/ns/",
"dcat": "http://www.w3.org/ns/dcat#",
"dct": "https://purl.org/dc/terms/",
"odrl": "http://www.w3.org/ns/odrl/2/",
"dspace": "https://w3id.org/dspace/v0.8/"
}
}')
echo "Response: $dsp_response"
- name: Generating report skeletons
if: success() || failure()
run: |
touch API_report.html
chmod a+w API_report.html
ls -lrt
- name: Run ZAP API scan
run: |
set +e
echo "Pulling ZAP image..."
docker pull ghcr.io/zaproxy/zaproxy:stable -q
echo "Starting ZAP Docker container..."
docker run --network edc-net -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://edc-runtime:8282/api/v1/dsp -f openapi -r API_report.html -T 1
echo "... done."
- name: Upload HTML report
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ZAP_API scan report
path: ./API_report.html
zap_scan2:
runs-on: ubuntu-latest
name: OWASP ZAP FULL Scan
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/setup-memory-runtime
- name: Generating report skeletons
if: success() || failure()
run: |
touch fullscan_report.html
chmod a+w fullscan_report.html
ls -lrt
- name: Perform ZAP FULL scan
run: |
set +e
echo "Pulling ZAP image..."
docker pull ghcr.io/zaproxy/zaproxy:stable -q
echo "Starting ZAP Docker container..."
docker run --network edc-net -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t http://edc-runtime:8282/api/v1/dsp -r fullscan_report.html -T 1
echo "... done."
- name: Upload HTML report
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ZAP_FULL scan report
path: ./fullscan_report.html