From a2e3bba440fe04e27a6e0b83f78072ca318e9bf5 Mon Sep 17 00:00:00 2001
From: githubmamatha <106563495+githubmamatha@users.noreply.github.com>
Date: Wed, 4 Dec 2024 13:37:59 -0800
Subject: [PATCH] ZAPscan version upgraded and added dependabot github actions
 (#541)

---
 .github/dependabot.yml                                        | 4 ++++
 .../workflows/build.from.developer.branch.deploy.to.dev.yml   | 2 +-
 .github/workflows/build.from.main.branch.deploy.to.dev.yml    | 2 +-
 .github/workflows/build.from.release.branch.deploy.to.dev.yml | 2 +-
 4 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0d28b300..85708f49 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -10,3 +10,7 @@ updates:
     schedule:
       interval: "daily"
     target-branch: "grad-release"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
index ad579c75..2026371d 100644
--- a/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.developer.branch.deploy.to.dev.yml
@@ -154,6 +154,6 @@ jobs:
 
       # now hit it with a zap scan
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.7.0
+        uses: zaproxy/action-api-scan@v0.9.0
         with:
          target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca/api/v1/api-docs'
diff --git a/.github/workflows/build.from.main.branch.deploy.to.dev.yml b/.github/workflows/build.from.main.branch.deploy.to.dev.yml
index d192192d..80ad3870 100644
--- a/.github/workflows/build.from.main.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.main.branch.deploy.to.dev.yml
@@ -141,6 +141,6 @@ jobs:
 
       # now hit it with a zap scan
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.7.0
+        uses: zaproxy/action-api-scan@v0.9.0
         with:
          target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca/api/v1/api-docs'
diff --git a/.github/workflows/build.from.release.branch.deploy.to.dev.yml b/.github/workflows/build.from.release.branch.deploy.to.dev.yml
index 0375760b..e4296d52 100644
--- a/.github/workflows/build.from.release.branch.deploy.to.dev.yml
+++ b/.github/workflows/build.from.release.branch.deploy.to.dev.yml
@@ -149,6 +149,6 @@ jobs:
 
       # now hit it with a zap scan
       - name: ZAP Scan
-        uses: zaproxy/action-api-scan@v0.7.0
+        uses: zaproxy/action-api-scan@v0.9.0
         with:
          target: 'https://${{ env.REPO_NAME }}-${{ env.OPENSHIFT_NAMESPACE }}.apps.silver.devops.gov.bc.ca/api/v1/api-docs'