This repository contains workflow files for GitHub Actions. Each workflow performs either a ZAP Full scan or a ZAP API scan against a configured target.
Message from the OWASP ZAP Team:
WARNING [these actions] will perform attacks on the target website [or api]. You should only scan targets that you have permission to test. You should also check with your hosting company and any other services such as CDNs that may be affected before running this action. ZAP will also submit forms which could result in a large number of messages via, for example, 'Contact us' or 'comment' forms.
To set up this project, define the following repository secrets:

- Target URL for the ZAP full scan.
- Target API definition, as a local file or a URL such as https://www.example.com/openapi.json
- The format of the definition: openapi, graphql or soap.
- Additional command-line options for the scan script.
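As an added example (not one of this repository's own workflow files), the following GitHub Actions workflow wires the four secrets described above into the ZAP full-scan and API-scan actions. The secret names ZAP_TARGET_URL, ZAP_API_DEFINITION, ZAP_API_FORMAT and ZAP_CMD_OPTIONS, the action tags, and the manual-dispatch trigger are assumptions; rename them to match the secrets you actually define, and pin the actions to tags you have verified.

```yaml
# Added example workflow; secret names and action tags are assumed, not taken from this repository.
name: ZAP scans

on:
  workflow_dispatch:        # run on demand, so a scan is always a deliberate choice
  schedule:
    - cron: "0 3 * * 1"     # weekly, outside peak hours for the target

permissions:
  contents: read
  issues: write             # ZAP actions can open/update an issue with the findings

jobs:
  full-scan:
    runs-on: ubuntu-latest
    steps:
      - name: ZAP full scan
        uses: zaproxy/action-full-scan@v0.12.0   # assumed tag; pin to a release you have checked
        with:
          target: ${{ secrets.ZAP_TARGET_URL }}          # "Target URL for the ZAP full scan"
          cmd_options: ${{ secrets.ZAP_CMD_OPTIONS }}    # "Additional command-line options"
          allow_issue_writing: true
          token: ${{ secrets.GITHUB_TOKEN }}

  api-scan:
    runs-on: ubuntu-latest
    steps:
      - name: ZAP API scan
        uses: zaproxy/action-api-scan@v0.9.0     # assumed tag; pin to a release you have checked
        with:
          target: ${{ secrets.ZAP_API_DEFINITION }}      # local file or URL of the API definition
          format: ${{ secrets.ZAP_API_FORMAT }}          # openapi, graphql or soap
          cmd_options: ${{ secrets.ZAP_CMD_OPTIONS }}
          allow_issue_writing: true
          token: ${{ secrets.GITHUB_TOKEN }}
```

Keeping the target and options in repository secrets rather than in the workflow file means the scan configuration is not visible in the public history of the repository, and the workflow_dispatch trigger keeps the scan an explicit action rather than a side effect of every push, which matters given the warning above about the traffic and form submissions a scan generates.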