Skip to content

Commit

Permalink
Merge pull request #78 from thc202/auth-env-vars
Browse files Browse the repository at this point in the history
  • Loading branch information
kingthorin authored Oct 31, 2023
2 parents ba96264 + 5692c91 commit 77c4017
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 6 deletions.
6 changes: 4 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ All notable changes to this GitHub action will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## [Unreleased]
## [0.8.0] - 2023-10-31
### Added
- Support for authentication environment variables.

## [0.7.0] - 2023-08-24
### Fixed
Expand Down Expand Up @@ -55,7 +57,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

First release to Marketplace.

[Unreleased]: https://github.com/zaproxy/action-full-scan/compare/v0.7.0...HEAD
[0.8.0]: https://github.com/zaproxy/action-full-scan/compare/v0.7.0...v0.8.0
[0.7.0]: https://github.com/zaproxy/action-full-scan/compare/v0.6.0...v0.7.0
[0.6.0]: https://github.com/zaproxy/action-full-scan/compare/v0.5.1...v0.6.0
[0.5.1]: https://github.com/zaproxy/action-full-scan/compare/v0.5.0...v0.5.1
Expand Down
13 changes: 11 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,13 +62,22 @@ if it identifies any alerts. Set this option to `true` if you want to fail the s

**Optional** By default the full scan action will attach the report to the build with the name `zap_scan`. Set this to a different string to name it something else. Consult [GitHub's documentation](https://github.com/actions/toolkit/blob/main/packages/artifact/docs/additional-information.md#non-supported-characters) for which artifact names are allowed.

## Environment variables

If set, the following [ZAP authentication environment variables](https://www.zaproxy.org/docs/authentication/handling-auth-yourself/#authentication-env-vars)
will be copied into the docker container:

- `ZAP_AUTH_HEADER_VALUE`
- `ZAP_AUTH_HEADER`
- `ZAP_AUTH_HEADER_SITE`

## Example usage

** Basic **
```
steps:
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.7.0
uses: zaproxy/action-full-scan@v0.8.0
with:
target: 'https://www.zaproxy.org/'
```
Expand All @@ -88,7 +97,7 @@ jobs:
with:
ref: master
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.7.0
uses: zaproxy/action-full-scan@v0.8.0
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
Expand Down
2 changes: 1 addition & 1 deletion dist/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -38369,7 +38369,7 @@ async function run() {
await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`);

await exec.exec(`docker pull ${docker_name} -q`);
let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" ` +
let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE ` +
`-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`);

if (plugins.length !== 0) {
Expand Down
2 changes: 1 addition & 1 deletion index.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ async function run() {
await exec.exec(`chmod a+w ${jsonReportName} ${mdReportName} ${htmlReportName}`);

await exec.exec(`docker pull ${docker_name} -q`);
let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" ` +
let command = (`docker run -v ${workspace}:/zap/wrk/:rw --network="host" -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE ` +
`-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName} -r ${htmlReportName} ${cmdOptions}`);

if (plugins.length !== 0) {
Expand Down

0 comments on commit 77c4017

Please sign in to comment.