GitHub action action-full-scan@v0.2.0 seems broken.
Closed this issue · 3 comments
DamionWaltermeyer commented
Describe the bug
GitHub Actions task fails when using the demonstration code.
To Reproduce
Steps to reproduce the behavior:
- Inserted the following code into the GitHub workflow .yml
jobs:
  zap_scan:
    runs-on: ubuntu-latest
    name: Scan the webapplication
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: master
      - name: ZAP Scan
        uses: zaproxy/action-full-scan@v0.2.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          docker_name: 'owasp/zap2docker-stable'
          target: 'https://www.zaproxy.org/'
          rules_file_name: '.zap/rules.tsv'
          cmd_options: '-a'
Expected behavior
I expect the GitHub action ("action-full-scan@v0.2.0") to run and scan the given domain. It does not.
Software versions
- ZAP: full-scan@v0.2.0
- Add-on: Name and version [e.g. Passive Scan Rules Alpha v19. https://www.zaproxy.org/faq/how-do-i-see-what-version-of-an-add-on-extension-i-have-installed/]
- OS: GitHub container ubuntu-latest
- Java: whatever is built into the action container
- Browser: GitHub action runner
Errors from the zap.log file
This isn't captured in the current process.
Additional context
The baseline scan action works, just not the full scan action.
Would you like to help fix this issue?
I am willing to help and test.
kingthorin commented
That's a checkout issue, not a scan issue, as you can tell by looking at the log. The "ZAPScan" step didn't even run.
kingthorin commented
DamionWaltermeyer commented
I completely misread it and thought it couldn't find the git binary. My apologies. Thank you.