Skip to content

Run ZAP API Scan

Run ZAP API Scan #5

Workflow file for this run

name: Run ZAP API Scan
on:
workflow_dispatch:
inputs:
spec_url:
type: string
description: The URL of the OpenAPI/GraphQL spec
default: https://dev.strdata.gov.bc.ca/api/swagger/strdata/swagger.json
auth_header_name:
type: string
description: The name of the authentication header
default: Authorization
auth_header_value:
type: string
description: The value of the authentication header
default: Bearer your_token
jobs:
zap-api-scan:
runs-on: ubuntu-22.04
timeout-minutes: 30
permissions:
contents: read
issues: write
env:
ZAP_AUTH_HEADER_NAME: ${{ github.event.inputs.auth_header_name }}
ZAP_AUTH_HEADER_VALUE: ${{ github.event.inputs.auth_header_value }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: main
- name: ZAP API Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
format: openapi
target: ${{ github.event.inputs.spec_url }}
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'