zaproxy/action-full-scan

GitHub Action action-full-scan@v0.2.0 seems broken.

Closed this issue · 3 comments

Describe the bug
GitHub Actions task fails when using the demonstration code.

To Reproduce
Steps to reproduce the behavior:

  1. Inserted the following code into the GitHub workflow .yml

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the webapplication
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: master
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@v0.2.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          docker_name: 'owasp/zap2docker-stable'
          target: 'https://www.zaproxy.org/'
          rules_file_name: '.zap/rules.tsv'
          cmd_options: '-a'

Expected behavior
I expect the GitHub Action ("action-full-scan@v0.2.0") to run and scan the given domain. It does not.

Screenshots
image

Software versions

  • ZAP: full-scan@v0.2.0
  • Add-on: Name and version [e.g. Passive Scan Rules Alpha v19. https://www.zaproxy.org/faq/how-do-i-see-what-version-of-an-add-on-extension-i-have-installed/]
  • OS: github container ubuntu-latest
  • Java: whatever is built into the action container
  • Browser: github action runner

Errors from the zap.log file
This isn't captured in the current process.

Additional context
The baseline scan action works, just not the full scan action.

Would you like to help fix this issue?
I am willing to help and test.

That's a checkout issue, not a scan issue, as you can tell by looking at the log. The "ZAPScan" step didn't even run.

I completely misread it and thought it couldn't find the git binary. My apologies. Thank you.