DEV Community

Eng Soon Cheah
Eng Soon Cheah

Posted on • Edited on

5 2

Security Testing with ZAP and GitHub Actions

Dynamic Application Security Testing (DAST) with OWASP Zap Scanner

PREREQUISITE

For this demo, I decided to use OWASP ZAP Full Scan.
You can find this at GitHub Marketplace.

Let Start the Demo

  1. Go to Actions tab at your GitHub Repo. Alt Text
  2. Select set up a workflow yourself ->
  3. Go to Marketplace, search for OWASP and Select OWASP ZAP Full Scan, and you will see the sample workflow snippet. Alt Text
  4. Modify the workflow snippet as below and replace with sample website URL. After modified, select Start commit. ```

name: zapfull-security-scan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]

jobs:
build:
runs-on: ubuntu-latest
steps:

- name: OWASP ZAP Full Scan
uses: zaproxy/action-full-scan@v0.1.0
with:
target: "https://techconnectweb.azurewebsites.net/"

5.Go back to **Actions** tab, you will see the workflow In progress.
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/i/wllu15r7m5dsxzdqt2l0.png)
6.Select the **build**. The workflow in progress setup and scanning.
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/i/4oiiguov4c43n40j4vqg.png)
7.After complete scanning through OWASP ZAP, the report will generated in **Issues** tab.
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/i/1wucdpskc91iwypvby1u.png)
8.For more details for OWASP ZAP Full Scan report, you can go back to the **Actions** tab, select the Artifacts **zap_scan**. After downloaded, you will see the OWASP Report as below.
![Alt Text](https://dev-to-uploads.s3.amazonaws.com/i/vlwmjganc8zfg46ljabp.png)

References:
https://www.zaproxy.org/blog/2020-05-15-dynamic-application-security-testing-with-zap-and-github-actions/
Enter fullscreen mode Exit fullscreen mode

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay