privatebin-docker-nginx-fpm-alpine/.github/workflows/owasp.yml

# This is a basic workflow to help you get started with Actions

name: Security-scan

# Controls when the action will run. 
on:
  schedule:
    - cron: '0 3 * * *' # everyday at 03:00 UTC
  pull_request:
    branches: master
  push:
    branches: master
    tags: '*'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: master
    
      # Runs a single command using the runners shell
      - name: Pull and start docker
        run: docker run -d --read-only -p 8080:8080 privatebin/nginx-fpm-alpine

      # Run OWASP scan
      - name: OWASP ZAP Full Scan
        uses: zaproxy/action-full-scan@v0.9.0
        with:
          # GitHub Token to create issues in the repository
          #token: # optional, default is ${{ github.token }}
          # Target URL
          target: http://localhost:8080 
          # Relative path of the ZAP configuration file
          rules_file_name: ".github/rules.tsv" # optional
          # The Docker file to be executed
          #docker_name: # default is owasp/zap2docker-stable
          # Additional command line options
          #cmd_options: # optional
          # The title for the GitHub issue to be created
          #issue_title: # optional, default is ZAP Full Scan Report
          # The action status will be set to fail if ZAP identifies any alerts during the full scan
          #fail_action: # optional