0
Fork 0
mirror of https://github.com/project-zot/zot.git synced 2025-01-20 22:52:51 -05:00

test(ui): add owasp zap scanner in ci/cd

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>
This commit is contained in:
Ramkumar Chinchani 2023-02-07 01:48:25 +00:00
parent af222de108
commit 6d03ce5f2d
No known key found for this signature in database
GPG key ID: 454D1719210F6D01
2 changed files with 49 additions and 0 deletions

48
.github/workflows/web-scan.yml vendored Normal file
View file

@ -0,0 +1,48 @@
name: 'Security web scan for zot'
on:
push:
branches:
- main
pull_request:
branches:
- main
release:
types:
- published
permissions:
contents: read
issues: write
jobs:
zap_scan:
runs-on: ubuntu-latest
name: Scan the webapplication
strategy:
matrix:
flavor: [zot-minimal-linux-amd64, zot-linux-amd64]
steps:
- name: Checkout
uses: actions/checkout@v2
with:
ref: main
- name: Setup
run: |
# upload images, zot can serve OCI image layouts directly like so
mkdir /tmp/zot
skopeo copy --format=oci docker://busybox:latest oci:/tmp/zot/busybox:latest
# start zot
docker pull ghcr.io/project-zot/zot-minimal-linux-amd64:latest
docker run -d --name zot -v /tmp/zot:/var/lib/registry -p 8000:5000 ghcr.io/project-zot/${{ matrix.flavor }}:latest
# wait until service is up
while true; do x=0; curl -f http://$REGISTRY_HOST/v2/ || x=1; if [ $x -eq 0 ]; then break; fi; sleep 1; done
env:
REGISTRY_HOST: localhost:8000
- name: ZAP Scan
uses: zaproxy/action-baseline@v0.7.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'owasp/zap2docker-stable'
target: 'http://localhost:8000'
rules_file_name: '.zap/rules.tsv'
cmd_options: '-a'

1
.zap/rules.tlv Normal file
View file

@ -0,0 +1 @@
10049 IGNORE (Storable and Cacheable Content)