A GitHub Action for running ZAP Automation Framework plans.
Required The file system path or URL to the Automation Framework plan to run.
Optional if specified must not be empty. The name of the ZAP Docker image to be used. By default the action runs the stable image.
Optional The names of the environment variables that should be passed to the Docker container for use in the plan, e.g.:
docker_env_vars: |
MY_TARGET_URL
MY_USER_NAME
MY_USER_PASSWORD
See also Environment variables.
Optional Additional command line options for ZAP.
The action will exit with the value of the plan, as indicated in the Automation Framework documentation.
Files created with the plan that need to be used after the plan has finished should be saved to the /zap/wrk/
directory, which is mapped to the GITHUB_WORKSPACE directory.
If set, the following ZAP authentication environment variables will be copied into the Docker container:
ZAP_AUTH_HEADER_VALUE
ZAP_AUTH_HEADER
ZAP_AUTH_HEADER_SITE
steps:
- name: ZAP Scan
uses: zaproxy/[email protected]
with:
plan: '.github/workflows/zap/plan.yml'