ZAP Scan CD updation #1777

Merged
merged 4 commits into from
Nov 24, 2023
20 changes: 18 additions & 2 deletions .github/workflows/forms-flow-bpm-cd.yml
@@ -74,7 +74,6 @@ jobs:
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ matrix.name }}

- name: Build and push Docker image - amd64
if: ${{ github.ref != 'refs/heads/master' }}
uses: docker/build-push-action@v4
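Review bot: unrelated whitespace change: the only edit in this hunk is the blank line removed before `- name: Build and push Docker image - amd64`, which has nothing to do with the ZAP scan this PR adds; leaving it out keeps the CD workflow diff limited to the behavioural change reviewers need to look at.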
@@ -133,4 +132,21 @@ jobs:
- name: Deploy to eks
run: |
kubectl -n app2 patch deployment forms-flow-bpm -p '{"spec":{"template":{"spec":{"containers":[{"name":"forms-flow-bpm","image":"docker.io/formsflow/forms-flow-bpm:${{ env.VERSION }}"}]}}}}'
kubectl -n app2 rollout restart deployment forms-flow-bpm
kubectl -n app2 rollout restart deployment forms-flow-bpm

zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://bpm2.aot-technologies.com/camunda'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'
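Review bot: `zap_scan` declares no `needs:` on the job that runs the `Deploy to eks` step, so the runner schedules it in parallel with the deployment rather than after it, and the baseline scan of `https://bpm2.aot-technologies.com/camunda` can hit the previous image or a pod that is still mid-rollout; add `needs: [<deploy job id>]` (the deploy job's id is outside this hunk) so the report describes the version that was just deployed. Two smaller points on the new steps: `actions/checkout@v2` is an old major on a deprecated Node runtime and should move to the current one, and pinning both `actions/checkout` and `zaproxy/action-baseline` to a full commit SHA rather than a tag limits exposure if a tag is ever moved. Also `cmd_options: '-a'` enables the alpha passive-scan rules, which raises the false-positive rate against a production target; if that is intended, a comment saying so would help the next reader.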
19 changes: 18 additions & 1 deletion .github/workflows/forms-flow-web-cd.yml
@@ -55,4 +55,21 @@ jobs:
env:
BUCKET: ${{ secrets.BUCKET}}
VERSION: ${{ env.VERSION }}
working-directory: ./forms-flow-web/scripts
working-directory: ./forms-flow-web/scripts

zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: master
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
target: 'https://forms-flow-web-app2.aot-technologies.com/form'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'
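Review bot: same ordering gap as in forms-flow-bpm-cd.yml: `zap_scan` has no `needs:` on the job whose `working-directory: ./forms-flow-web/scripts` step publishes the build, so the scan of `https://forms-flow-web-app2.aot-technologies.com/form` may run before the new version is live; add `needs:` on that job. The job body is otherwise a verbatim copy of the BPM one apart from `target`, so a reusable workflow (`workflow_call`) taking `target` as an input would keep the two from drifting, e.g. one getting a `checkout` or `action-baseline` version bump and the other not.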
19 changes: 19 additions & 0 deletions .zap/rules.tsv
@@ -0,0 +1,19 @@
10109 IGNORE (Modern Web Application)
10035 IGNORE (Strict-Transport-Security Header Not Set)
10098 IGNORE (Cross-Domain Misconfiguration)
10017 IGNORE (Cross-Domain JavaScript Source File Inclusion)
10096 IGNORE (Timestamp Disclosure - Unix)
10015 IGNORE (Incomplete or No Cache-control and Pragma HTTP Header Set)
10038 IGNORE (Content Security Policy (CSP) Header Not Set)
10099 IGNORE (Source Code Disclosure - Java)
10027 IGNORE (Information Disclosure - Suspicious Comments)
10094 IGNORE (Base64 Disclosure)
10063 IGNORE (Feature Policy Header Not Set)
10049 IGNORE (Storable but Non-Cacheable Content)
10049 IGNORE (Non-Storable Content)
10110 IGNORE (Dangerous JS Functions)
90004 IGNORE (Insufficient Site Isolation Against Spectre Vulnerability)
90005 IGNORE (Sec-Fetch-Dest Header is Missing)
90005 IGNORE (Sec-Fetch-Mode Header is Missing)
90005 IGNORE (Sec-Fetch-Site Header is Missing)
90005 IGNORE (Sec-Fetch-User Header is Missing)
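Review bot: every entry is `IGNORE`, including findings that matter for an internet-facing deployment such as 10035 (Strict-Transport-Security Header Not Set), 10038 (Content Security Policy (CSP) Header Not Set), 10098 (Cross-Domain Misconfiguration), 10099 (Source Code Disclosure - Java) and 10110 (Dangerous JS Functions); an ignored rule is dropped from the report entirely, so a regression in any of these would never surface. Use `WARN` for rules that should stay visible without failing the job and reserve `IGNORE` for rules with a recorded false-positive reason (the baseline script skips lines starting with `#`, so the reason can sit next to the entry). Two smaller points: the rule id is the key, so the repeated ids `10049` (two lines) and `90005` (four lines) collapse to one entry each; keep one line per id and put the alert name in the comment column. And since the baseline script splits each line on tabs, please confirm the columns are tab-separated rather than space-separated, otherwise every line is rejected at load time.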