@@ -455,128 +455,37 @@ jobs:
455455 docker_name : ' ghcr.io/zaproxy/zaproxy:stable'
456456 docker_args : ' --network="host"'
457457
458- # Copy ZAP config file to workspace
459- - name : Copy ZAP configuration files
460- run : |
461- # Ensure ZAP config file is accessible
462- if [ -f "zap-advanced-config.conf" ]; then
463- cp zap-advanced-config.conf /tmp/zap-advanced-config.conf
464- chmod 644 /tmp/zap-advanced-config.conf
465- echo "ZAP advanced config file copied to /tmp"
466- else
467- echo "Warning: ZAP advanced config file not found"
468- fi
469-
470- # - name: ZAP Full Scan
471- # uses: zaproxy/action-full-scan@v0.8.0
472- # continue-on-error: true
473- # with:
474- # target: 'http://localhost:4200'
475- # allow_issue_writing: true
476- # # Use the advanced config and specify additional APIs to test
477- # cmd_options: '-a -j -T 90 -c /tmp/zap-advanced-config.conf -z "-configfile /tmp/zap-advanced-config.conf" -x /tmp/zap-output/zap-full-scan-report.xml -J /tmp/zap-output/zap-full-scan-report.json'
478- # rules_file_name: 'zap-rules.tsv'
479- # issue_title: 'ZAP Full Scan Report'
480- # docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
481- # docker_args: '--network="host"'
482- # cmd_progress_timeout: 120
483-
484- # Attempt to scan specific paths known to be vulnerable
485- - name : ZAP Targeted Scan
486- if : always() # Run even if full scan succeeds to ensure we test specific paths
487- uses : zaproxy/action-full-scan@v0.8.0
488- continue-on-error : true
489- with :
490- target : ' http://localhost:4200'
491- allow_issue_writing : true
492- # Focus specifically on XSS and other critical tests with known target URLs
493- cmd_options : ' -a -j -T 60 -c /tmp/zap-advanced-config.conf -z "-configfile /tmp/zap-advanced-config.conf -config scanner.attackStrength=INSANE -config rules.ascanrules.xss.strength=INSANE" -x /tmp/zap-output/zap-targeted-report.xml -J /tmp/zap-output/zap-targeted-report.json'
494- rules_file_name : ' zap-rules.tsv'
495- issue_title : ' ZAP Targeted Scan Report'
496- docker_name : ' ghcr.io/zaproxy/zaproxy:stable'
497- docker_args : ' --network="host"'
498- cmd_progress_timeout : 120
499-
500- # Try scanning the API directly as a separate test
501- - name : ZAP API Scan
502- if : always() # Run regardless of other scan results
503- continue-on-error : true
504- run : |
505- echo "Running direct API scan..."
506- # Try to access API endpoints directly with ZAP
507- docker run --rm --network="host" -v /tmp:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t http://localhost:8000 -J /zap/wrk/zap-api-scan-report.json -x /zap/wrk/zap-api-scan-report.xml -r /zap/wrk/zap-api-scan-report.html -a -d -T 60 -j --hook=/zap/auth_hook.py || echo "API scan failed but continuing"
508-
509- # Check if reports were generated
510- if [ -f "/tmp/zap-api-scan-report.json" ]; then
511- cp /tmp/zap-api-scan-report.* ./docs/reports/ 2>/dev/null || echo "Could not copy API scan reports"
512- fi
458+ # Only keep the baseline scan, removing other ZAP scans
513459
514460 # Copy ZAP reports to docs/reports directory
515- - name : Copy ZAP reports to docs/ reports
461+ - name : Copy ZAP Baseline Scan reports
516462 run : |
517- echo "Looking for ZAP report files in various locations ..."
463+ echo "Looking for ZAP Baseline Scan report files ..."
518464
519465 # Check in /tmp/zap-output where we directed ZAP to write reports
520466 echo "Checking in /tmp/zap-output:"
521467 ls -la /tmp/zap-output || echo "Directory not found"
522468
523- # Check in current directory
524- echo "Checking in current directory:"
525- find . -maxdepth 2 -name "*report*.xml" -o -name "*report*.json"
526-
527469 # Try to copy from our specific ZAP output directory first
528470 if [ -d "/tmp/zap-output" ]; then
529471 echo "Copying reports from /tmp/zap-output:"
530472 cp -v /tmp/zap-output/*.* ./docs/reports/ 2>/dev/null || echo "No files to copy from /tmp/zap-output"
531473 fi
532474
533- # Copy all ZAP reports from various directories
534- echo "Using find to locate all ZAP report files across multiple locations..."
535- find /tmp -name "*report*.json" -o -name "*report*.xml" -o -name "*report*.html" 2>/dev/null | while read report; do
536- echo "Found report via find: $report"
537- cp -v "$report" ./docs/reports/ 2>/dev/null || echo "Failed to copy $report"
538- done
539-
540- # Then try multiple possible filenames and locations for the reports
475+ # Look for baseline scan reports only
541476 for report in \
542477 ./zap-baseline-report.xml \
543478 ./zap-baseline-report.json \
544- ./zap-full-scan-report.xml \
545- ./zap-full-scan-report.json \
546- ./zap-targeted-report.xml \
547- ./zap-targeted-report.json \
548- ./zap-api-scan-report.xml \
549- ./zap-api-scan-report.json \
550- ./zap-api-scan-report.html \
551479 ./report_json.json \
552480 ./report_xml.xml \
481+ ./report_html.html \
482+ ./report_md.md \
553483 /tmp/zap-output/zap-baseline-report.xml \
554484 /tmp/zap-output/zap-baseline-report.json \
555- /tmp/zap-output/zap-full-scan-report.xml \
556- /tmp/zap-output/zap-full-scan-report.json \
557- /tmp/zap-output/zap-targeted-report.xml \
558- /tmp/zap-output/zap-targeted-report.json \
559- /tmp/zap-api-scan-report.xml \
560- /tmp/zap-api-scan-report.json \
561- /tmp/zap-api-scan-report.html \
562485 /tmp/zap-baseline-report.xml \
563486 /tmp/zap-baseline-report.json \
564- /tmp/zap-full-scan-report.xml \
565- /tmp/zap-full-scan-report.json \
566- /tmp/zap-targeted-report.xml \
567- /tmp/zap-targeted-report.json \
568- /tmp/zap-api-scan-report.xml \
569- /tmp/zap-api-scan-report.json \
570- /tmp/zap-api-scan-report.html \
571487 /zap/wrk/zap-baseline-report.xml \
572- /zap/wrk/zap-baseline-report.json \
573- /zap/wrk/zap-full-scan-report.xml \
574- /zap/wrk/zap-full-scan-report.json \
575- /zap/wrk/zap-targeted-report.xml \
576- /zap/wrk/zap-targeted-report.json \
577- /zap/wrk/zap-api-scan-report.xml \
578- /zap/wrk/zap-api-scan-report.json \
579- /zap/wrk/zap-api-scan-report.html; do
488+ /zap/wrk/zap-baseline-report.json; do
580489 if [ -f "$report" ]; then
581490 echo "Found report: $report"
582491 cp -v "$report" ./docs/reports/
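Review bot: The comment added at new line 458, `# Only keep the baseline scan, removing other ZAP scans`, describes the commit rather than the workflow, and the same applies to `# Full scan placeholder removed` at new line 516 in the second hunk; that history belongs in the commit message, and left in the file it goes stale the moment another scan step is added. Replace it with a comment that states the current contract, e.g. `# Only the ZAP baseline scan runs in this job; its reports are collected below`, and drop the one in the second hunk. Separately, the rewritten `for report in` list still names `/tmp/zap-output/zap-baseline-report.xml` and `.json` even though the `cp -v /tmp/zap-output/*.*` just above already copies that directory wholesale, so those two entries only produce a second "Found report" line for the same file; harmless, but worth trimming while the list is being rewritten. The copy step's body continues past the end of the hunk.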
@@ -604,25 +513,7 @@ jobs:
604513 echo '}' >> ./docs/reports/zap-baseline-report.json
605514 fi
606515
607- if [ ! -f "./docs/reports/zap-full-scan-report.xml" ] && [ ! -f "./docs/reports/zap-full-scan-report.json" ]; then
608- echo "Creating placeholder for ZAP full scan reports (XML and JSON)"
609-
610- # Create XML placeholder using multiple echo statements
611- echo '<?xml version="1.0" encoding="UTF-8"?>' > ./docs/reports/zap-full-scan-report.xml
612- echo '<OWASPZAPReport version="2.11.0" generated="2025-09-07T12:00:00">' >> ./docs/reports/zap-full-scan-report.xml
613- echo ' <site name="http://localhost:4200">' >> ./docs/reports/zap-full-scan-report.xml
614- echo ' <alerts></alerts>' >> ./docs/reports/zap-full-scan-report.xml
615- echo ' </site>' >> ./docs/reports/zap-full-scan-report.xml
616- echo '</OWASPZAPReport>' >> ./docs/reports/zap-full-scan-report.xml
617-
618- # Create JSON placeholder with individual echo statements
619- echo '{' > ./docs/reports/zap-full-scan-report.json
620- echo ' "site": "http://localhost:4200",' >> ./docs/reports/zap-full-scan-report.json
621- echo ' "generated": "2025-09-07T12:00:00",' >> ./docs/reports/zap-full-scan-report.json
622- echo ' "version": "2.11.0",' >> ./docs/reports/zap-full-scan-report.json
623- echo ' "alerts": []' >> ./docs/reports/zap-full-scan-report.json
624- echo '}' >> ./docs/reports/zap-full-scan-report.json
625- fi
516+ # Full scan placeholder removed
626517
627518 # Check if any reports were copied or created
628519 echo "Contents of docs/reports directory:"
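Review bot: With the full-scan placeholder removed, the baseline placeholder whose tail is visible at lines 513–514 (`echo '}' >> ./docs/reports/zap-baseline-report.json`) is now the only fallback, and it appears to write a report with no alerts whenever the scan produced nothing, which a reader of docs/reports cannot distinguish from a genuinely clean baseline. If the placeholder has to stay for the reporting pipeline, mark it as synthetic so a scan that never ran is not presented as a pass, e.g. `echo '  "placeholder": true,' >> ./docs/reports/zap-baseline-report.json` next to the fields it already writes, and have the check at 518–519 treat a placeholder-only directory as a failed scan rather than a success. The placeholder's opening lines are outside the hunk, so I cannot confirm which other fields it emits.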