Switch some false-positive prone tests to WARN instead of FAIL

Ryan Ahearn
2022-08-29 13:01:20 -04:00
parent 581caa4d14
commit 0213598bf8
2 changed files with 4 additions and 4 deletions


@@ -3,8 +3,8 @@ name: Run daily scans
on:
schedule:
# cron format: 'minute hour dayofmonth month dayofweek'
# this will run at noon UTC every day (7am EST / 8am EDT)
- cron: '0 12 * * *'
# this will run at 10am UTC every day (5am EST / 6am EDT)
- cron: '0 10 * * *'
permissions:
contents: read
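
Review bot: The commit message covers only the FAIL to WARN changes, but the cron line here also moves the daily scan from '0 12 * * *' to '0 10 * * *'. Mention the schedule change and its reason in the commit message, or split it into its own commit, so the history explains why the scan time moved. The updated comment (5am EST / 6am EDT) does match the new expression.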


@@ -61,7 +61,7 @@
10109 WARN (Modern Web Application - Passive/beta)
10202 WARN (Absence of Anti-CSRF Tokens - Passive/release)
2 WARN (Private IP Disclosure - Passive/release)
20012 FAIL (Anti-CSRF Tokens Check - Active/beta)
20012 WARN (Anti-CSRF Tokens Check - Active/beta)
20014 WARN (HTTP Parameter Pollution - Active/beta)
20015 WARN (Heartbleed OpenSSL Vulnerability - Active/beta)
20016 WARN (Cross-Domain Misconfiguration - Active/beta)
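
Review bot: With 20012 (Anti-CSRF Tokens Check, active) set to WARN and 10202 (Absence of Anti-CSRF Tokens, passive) already WARN, no CSRF rule visible in this hunk fails the scan any more. Record why 20012 is considered false-positive prone for this application, either in the commit message or in a comment next to the rule, and say who reviews the WARN output, so the downgrade can be revisited instead of becoming permanent.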
@@ -80,7 +80,7 @@
40014 FAIL (Cross Site Scripting (Persistent) - Active/release)
40016 FAIL (Cross Site Scripting (Persistent) - Prime - Active/release)
40017 FAIL (Cross Site Scripting (Persistent) - Spider - Active/release)
40018 FAIL (SQL Injection - Active/release)
40018 WARN (SQL Injection - Active/release)
40019 FAIL (SQL Injection - MySQL - Active/beta)
40020 FAIL (SQL Injection - Hypersonic SQL - Active/beta)
40021 FAIL (SQL Injection - Oracle - Active/beta)
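
Review bot: Downgrading 40018 (SQL Injection, Active/release) leaves the generic, release-quality SQL injection rule non-blocking while the beta, database-specific rules 40019 to 40021 stay at FAIL, so a finding reported only by the generic rule no longer stops the run. If the false positives come from specific endpoints or parameters, prefer scoping the exception to those over a global WARN, if the scan tooling allows it; otherwise document the known false positive next to this line and make sure WARN results from 40018 are triaged after each daily scan.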