testolvc/gist:b061abe975be5155e4d186e6fe108ab5

## gistfile1.txt
name: Dynamic Guided Scans

on:
  #push:
  workflow_dispatch: # to allow to run manually

permissions: # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
  contents: read


jobs:

  DAST-Guided-Scan:
    runs-on: ubuntu-latest

    steps:

      - name: Checkout Sources
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up JDK
        uses: actions/setup-java@v4
        with:
          java-version: 11
          distribution: 'temurin'

      - name: Setup Maven Dependency Cache
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Build with Maven
        run: mvn clean install -DskipTests

      - name: Deploy Marathon for Local Integration Tests
        run: cd integration && ./start-integration.sh

      - name: Download OWASP ZAP # consider caching the downloaded ZAP if you like
        run: |
          wget https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_Crossplatform.zip && \
          unzip ZAP_2.15.0_Crossplatform.zip && \
          rm ZAP_2.15.0_Crossplatform.zip && \
          mv ZAP_2.15.0 ZAP && \
          cd ZAP

      - name: Start OWASP ZAP in Background
        run: cd ZAP && pwd && nohup ./zap.sh -daemon -port 7777 -host 127.0.0.1 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.incerrordetails=true &

      - name: Guided Scan with OWASP ZAP and Test-Automation
        run: sleep 30 && cd integration && ./zap-guided-scan.sh

      - name: Upload OWASP ZAP Report as Artifact (HTML)
        uses: actions/upload-artifact@v4
        with:
          name: report.html
          path: /tmp/report.html

#      - name: Upload OWASP ZAP Report as Artifact (SARIF)
#        uses: actions/upload-artifact@v4
#        with:
#          name: report.json
#          path: /tmp/report.json
	name: Dynamic Guided Scans

	on:
	#push:
	workflow_dispatch: # to allow to run manually

	permissions: # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
	contents: read


	jobs:

	DAST-Guided-Scan:
	runs-on: ubuntu-latest

	steps:

	- name: Checkout Sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Set up JDK
	uses: actions/setup-java@v4
	with:
	java-version: 11
	distribution: 'temurin'

	- name: Setup Maven Dependency Cache
	uses: actions/cache@v4
	with:
	path: ~/.m2/repository
	key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
	restore-keys: \|
	${{ runner.os }}-maven-

	- name: Build with Maven
	run: mvn clean install -DskipTests

	- name: Deploy Marathon for Local Integration Tests
	run: cd integration && ./start-integration.sh

	- name: Download OWASP ZAP # consider caching the downloaded ZAP if you like
	run: \|
	wget https://github.com/zaproxy/zaproxy/releases/download/v2.15.0/ZAP_2.15.0_Crossplatform.zip && \
	unzip ZAP_2.15.0_Crossplatform.zip && \
	rm ZAP_2.15.0_Crossplatform.zip && \
	mv ZAP_2.15.0 ZAP && \
	cd ZAP

	- name: Start OWASP ZAP in Background
	run: cd ZAP && pwd && nohup ./zap.sh -daemon -port 7777 -host 127.0.0.1 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.incerrordetails=true &

	- name: Guided Scan with OWASP ZAP and Test-Automation
	run: sleep 30 && cd integration && ./zap-guided-scan.sh

	- name: Upload OWASP ZAP Report as Artifact (HTML)
	uses: actions/upload-artifact@v4
	with:
	name: report.html
	path: /tmp/report.html

	# - name: Upload OWASP ZAP Report as Artifact (SARIF)
	# uses: actions/upload-artifact@v4
	# with:
	# name: report.json
	# path: /tmp/report.json
No results found