action-af

A GitHub Action for running ZAP Automation Framework plans.

Inputs

plan

Required. The file system path or URL to the Automation Framework plan to run.

docker_name

Optional; if specified, it must not be empty. The name of the ZAP Docker image to be used. By default the action runs the stable image.

docker_env_vars

Optional. The names of the environment variables that should be passed to the Docker container for use in the plan, e.g.:

docker_env_vars: |
  MY_TARGET_URL
  MY_USER_NAME
  MY_USER_PASSWORD

See also Environment variables.

cmd_options

Optional. Additional command line options for ZAP.

Exit Value

The action exits with the exit value of the plan, as indicated in the Automation Framework documentation.

Files

Files created with the plan that need to be used after the plan has finished should be saved to the /zap/wrk/ directory, which is mapped to the GITHUB_WORKSPACE directory.

Environment variables

If set, the following ZAP authentication environment variables will be copied into the Docker container:

  • ZAP_AUTH_HEADER_VALUE
  • ZAP_AUTH_HEADER
  • ZAP_AUTH_HEADER_SITE

Example usage

steps:
  - name: ZAP Scan
    uses: zaproxy/action-af@<version>
    with:
      plan: '.github/workflows/zap/plan.yml'
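
A fuller workflow that combines the docker_env_vars input, the /zap/wrk/ file mapping and the exit value behaviour described above. This is an added example, not part of the action's README. The secret names, the report file name, the use of step-level env to supply the values, and the `<version>` placeholder are assumptions.

```yaml
# Added example (not from the action's README).
name: zap-af-scan
on:
  workflow_dispatch:

permissions:
  contents: read   # least privilege: the job only needs to read the repository

jobs:
  zap:
    runs-on: ubuntu-latest
    steps:
      # The plan is referenced by file path, so the repository must be checked out.
      - uses: actions/checkout@v4

      - name: ZAP Scan
        uses: zaproxy/action-af@<version>   # placeholder: pin to a release tag or commit SHA
        env:
          # Assumed secret names. The values live in repository secrets and are
          # never written into the workflow or the plan file.
          MY_TARGET_URL: ${{ secrets.ZAP_TARGET_URL }}
          MY_USER_NAME: ${{ secrets.ZAP_USER_NAME }}
          MY_USER_PASSWORD: ${{ secrets.ZAP_USER_PASSWORD }}
        with:
          plan: '.github/workflows/zap/plan.yml'
          # Only the variable names are listed here; the container receives
          # the values set in env above (assumed behaviour).
          docker_env_vars: |
            MY_TARGET_URL
            MY_USER_NAME
            MY_USER_PASSWORD

      - name: Upload ZAP report
        # The scan step fails when the plan returns a non-zero exit value;
        # always() keeps the report available for triage in that case.
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: zap-report
          # Assumed file name: the plan must write its report to /zap/wrk/,
          # which is mapped to GITHUB_WORKSPACE.
          path: zap-report.html
```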