Audit-api.yml Guest on 28th June 2023 11:18:33 AM

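---
# Runs an OWASP ZAP API scan (zap-api-scan.py, OpenAPI mode) against every host
# listed in inventory/apis.json, commits the HTML/JSON reports under reports/api/
# and posts the outcome to Telegram.
name: "AUDIT | 🖥 API Security Audit"

on:
  push:
    branches:
      - main
  workflow_dispatch:
  schedule:
    # NOTE(review): GitHub Actions requires a 5-field cron expression; "0 1 1" as
    # pasted has only three fields and the scheduled trigger will be rejected. The
    # trailing fields look lost in the paste — restore them before relying on it.
    - cron: "0 1 1"

# Least privilege: the default GITHUB_TOKEN is read-only for every job; only the
# job that pushes reports back to the repository is granted contents: write.
permissions:
  contents: read

jobs:
  # Turns inventory/apis.json into a JSON array of target URLs for the scan matrix.
  matrix:
    name: GENERATE | Test Matrix
    runs-on: [self-hosted, ubuntu-latest]
    permissions:
      contents: read
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      # NOTE(review): actions are pinned to mutable tags; pin to a commit SHA to
      # protect against a compromised upstream tag (supply-chain).
      - uses: actions/checkout@v3

      # Let jq emit the JSON array itself instead of hand-building it with string
      # concatenation, which produced malformed JSON (and broke fromJSON below)
      # for any URL containing a double quote or backslash.
      - id: set-matrix
        run: |
          echo "matrix=$(jq -c '[.hosts[].url]' inventory/apis.json)" >> "$GITHUB_OUTPUT"

      # The matrix is passed through an env var rather than expanded with ${{ }}
      # inside the script: inventory content is untrusted from the shell's point of
      # view and inline expansion would allow command injection.
      - name: Activity matrix
        env:
          SCAN_MATRIX: ${{ steps.set-matrix.outputs.matrix }}
        run: |
          echo "📜 API scan will be performed on: $SCAN_MATRIX"
          echo "🕐 Date: $(date +'%d-%m-%YT%H-%M-%S-%Z')"

  # One ZAP run per target; failures of one target do not cancel the others.
  scan_zap:
    name: SCAN | OWASP ZAP DAST
    timeout-minutes: 30
    runs-on: [self-hosted, ubuntu-latest]
    needs: matrix
    permissions:
      contents: write  # needed to commit the reports back to the repo
    strategy:
      fail-fast: false
      matrix:
        target: ${{ fromJSON(needs.matrix.outputs.matrix) }}
    steps:
      # TARGET is the raw URL handed to ZAP; TARGET_SAFE has the scheme, slashes
      # and colons stripped so it can be used in a report file name.
      - name: Prepare environment
        env:
          # Same injection concern as above: the target URL comes from repo data
          # and must not be expanded directly into the script body.
          TARGET_URL: ${{ matrix.target }}
        run: |
          echo "START_DATE=$(date +'%d-%m-%YT%H-%M-%S-%Z')" >> "$GITHUB_ENV"
          echo "START_TIMESTAMP=$(date +'%s')" >> "$GITHUB_ENV"
          echo "TARGET=$TARGET_URL" >> "$GITHUB_ENV"
          echo "TARGET_SAFE=$(printf '%s' "$TARGET_URL" | sed 's/http[s]\?:\/\///g' | sed 's/[\/:]//g')" >> "$GITHUB_ENV"

      - name: Checkout
        uses: actions/checkout@v3

      # Runs the scanner container with the runner's host network so the targets
      # are reached from the self-hosted runner's own network position.
      # NOTE(review): the image is pulled by mutable tag — pin it by digest.
      # NOTE(review): ZAP_AUTH_HEADER* are forwarded into the container but are
      # not set anywhere in this workflow; define them (from secrets) if the
      # APIs require an auth header, otherwise the scan runs unauthenticated.
      # NOTE(review): zap-api-scan.py exits non-zero when it raises WARN/FAIL
      # alerts, so under the default `bash -e` shell the cp lines and the commit
      # step are skipped for every target with findings — confirm this is the
      # intended outcome (otherwise pass -I or capture the exit code).
      # NOTE(review): the scan scripts write their reports under /zap/wrk; with
      # the workspace mounted at /zap, confirm on the runner that the report
      # files really land in the checkout directory the cp lines read from.
      - name: Test for security vulnerabilities with OWASP ZAP
        env:
          REPORT_DIR: ${{ runner.workspace }}/reports/api
          ZAP_MOUNT: ${{ runner.workspace }}
        run: |
          /usr/bin/docker pull owasp/zap2docker-stable -q
          /usr/bin/docker run -v "$ZAP_MOUNT":/zap --network=host \
            -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE \
            -t owasp/zap2docker-stable zap-api-scan.py -t "$TARGET" -f openapi \
            -J report_json.json -w report_md.md -r report_html.html
          cp ./report_html.html "./reports/api/report-zap-${TARGET_SAFE}-${START_DATE}-${START_TIMESTAMP}.html"
          cp ./report_json.json "./reports/api/report-zap-${TARGET_SAFE}-${START_DATE}-${START_TIMESTAMP}.json"

      # Matrix jobs push concurrently; --rebase --autostash lets each one pull the
      # others' commits before pushing its own report.
      - name: Commit and push changes
        uses: EndBug/add-and-commit@v9
        with:
          author_name: GitHub Actions
          author_email: 41898282+github-actions[bot]@users.noreply.github.com
          message: "👷 chore(zap): add report for ${{ env.TARGET_SAFE }}-${{ env.START_DATE }}-${{ env.START_TIMESTAMP }}"
          add: "./reports/api/*"
          pull: "--rebase --autostash"

  # Notification jobs need no repository access at all.
  notify_telegram_onfail:
    name: NOTIFY | Telegram - FAIL
    runs-on: [self-hosted, ubuntu-latest]
    needs: scan_zap
    if: ${{ failure() }}
    permissions: {}
    steps:
      # NOTE(review): @master is a floating branch ref — whoever controls that
      # repo can change what runs here, with access to the Telegram secrets.
      # Pin to a release tag or, better, a commit SHA.
      - name: Telegram Notify
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          format: markdown
          message: |
            🤖 xxVigilis | 🚫 | ${{ github.workflow }}
            Workflow: ${{ github.workflow }}
            Actor: ${{ github.actor }}
            Trigger: ${{ github.event_name }}
            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}

  notify_telegram_success:
    name: NOTIFY | Telegram - OK
    runs-on: [self-hosted, ubuntu-latest]
    needs: scan_zap
    if: ${{ success() }}
    permissions: {}
    steps:
      # NOTE(review): same floating @master ref as above — pin it.
      - name: Telegram Notify
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          format: markdown
          message: |
            🤖 xxVigilis | ✅ | ${{ github.workflow }}
            Actor: ${{ github.actor }}
            Trigger: ${{ github.event_name }}
            See changes: https://github.com/${{ github.repository }}/commit/${{github.sha}}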
