Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions .github/workflows/zap-baseline.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: OWASP ZAP Baseline Scan

on:
schedule:
- cron: '0 12 * * 1'
workflow_dispatch:

env:
OWASP_ZAP_TARGET_URL: https://yearn.fi

jobs:
zap-scan:
runs-on: ubuntu-latest
steps:
- name: ZAP Baseline Scan
uses: zaproxy/action-baseline@v0.14.0
with:
target: ${{ env.OWASP_ZAP_TARGET_URL }}

- name: Upload Report
if: always()
uses: actions/upload-artifact@v4
with:
name: zap-report
path: report_html.html
6 changes: 6 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -56,3 +56,9 @@ yearn.fi-worktree-*

# codex settings
.codex

# ZAP scan artifacts
report_html.html
report_md.md
report_json.json
zap.yaml
18 changes: 18 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,24 @@ Notes:
git push origin <branch-name>
```

### Running the OWASP ZAP Scan Locally

You can run the ZAP baseline scan workflow locally using [act](https://github.com/nektos/act):

``` bash
act workflow_dispatch -W .github/workflows/zap-baseline.yml
```

The scan targets the URL set in `OWASP_ZAP_TARGET_URL` (defaults to `https://yearn.fi`). Reports are written to the repo root:
- `report_html.html` — full HTML report
- `report_md.md` — markdown summary

To override the target URL:

``` bash
act workflow_dispatch -W .github/workflows/zap-baseline.yml --env OWASP_ZAP_TARGET_URL=https://staging.yearn.fi
```

### Submitting Pull Request

- Go to your GitHub and navigate to your forked repo
Expand Down
Loading