Update OWASP ZAP scans

The OWASP ZAP scan GitHub Actions have been updated recently and we need to make sure our GitHub Actions account for the recent changes. This changeset makes sure we are using the latest version of the OWASP ZAP API scan and the correct Docker image. Signed-off-by: Carlo Costino <carlo.costino@gsa.gov>
2026-05-02 07:00:51 -04:00 · 2023-09-28 17:31:39 -04:00
parent 5557f313b3
commit 38379176f4
2 changed files with 7 additions and 7 deletions
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -112,14 +112,14 @@ jobs:
        env:
          NOTIFY_ENVIRONMENT: scanning
      - name: Run OWASP Baseline Scan
-        uses: zaproxy/action-baseline@v0.7.0
+        uses: zaproxy/action-baseline@v0.9.0
        with:
-          docker_name: "owasp/zap2docker-stable"
-          target: "http://localhost:6012"
+          docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'
+          target: 'http://localhost:6012'
          fail_action: true
          allow_issue_writing: false
-          rules_file_name: "zap.conf"
-          cmd_options: "-I"
+          rules_file_name: 'zap.conf'
+          cmd_options: '-I'

  a11y-scan:
    runs-on: ubuntu-20.04
--- a/.github/workflows/daily_checks.yml
+++ b/.github/workflows/daily_checks.yml
@@ -50,9 +50,9 @@ jobs:
        env:
          NOTIFY_ENVIRONMENT: scanning
      - name: Run OWASP Full Scan
-        uses: zaproxy/action-full-scan@v0.4.0
+        uses: zaproxy/action-full-scan@v0.7.0
        with:
-          docker_name: 'owasp/zap2docker-stable'
+          docker_name: 'ghcr.io/zaproxy/zaproxy:weekly'
          target: 'http://localhost:6012'
          fail_action: true
          allow_issue_writing: false