rewrite ZAP scan workflow action

OWASP · Apr 15, 2024 · 01b1bcc · 01b1bcc
1 parent e297988
commit 01b1bcc
Showing 1 changed file with 5 additions and 23 deletions.
diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -340,31 +340,13 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4.1.1
 
-      # There's probably a better way of doing this.
-      # Not a great idea to chmod 777, even if it's only
-      # in a CI runner
-      - name: Make report dir
-        run: sudo mkdir zap && sudo chmod 0777 zap
-
       - name: ZAP Scan
-        run: |
-          docker run -v $(pwd):/zap/wrk/:rw \
-            -t \
-            --network=host \
-            owasp/zap2docker-stable \
-            zap-baseline.py \
-            -t http://localhost:3000 \
-            -r zap/report_web.html \
-            -a \
-            -c .github/workflows/.zap-rules-web.tsv \
-            -j
-
-      - name: Upload scan report
-        uses: actions/upload-artifact@v4.3.0
+        uses: zaproxy/action-full-scan@v0.10.0
         with:
-          name: zap_report_web.zip
-          path: zap/report_web.html
-        if: ${{ always() }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          target: 'http://localhost:3000'
+          rules_file_name: '.github/workflows/.zap-rules-web.tsv'
+          cmd_options: '-a'
 
   scan_image_with_trivy:
     name: Scan with trivy