From 4ae351b1f629daa7c49649096fdeb26a16ab29aa Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Thu, 30 Jan 2025 16:32:12 -0500 Subject: [PATCH 1/3] This changeset explicitly enables the FEATURE_ABOUT_PAGE_ENABLED feature flag for our dynamic scans to make sure that all pages are scanned, regardless if they are enabled on our production site or not. Signed-off-by: Carlo Costino --- .github/workflows/checks.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index c3ef5dcbb..af32a5a94 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -165,6 +165,7 @@ jobs: run: make run-flask & env: NOTIFY_ENVIRONMENT: scanning + FEATURE_ABOUT_PAGE_ENABLED: true - name: Run OWASP Baseline Scan uses: zaproxy/action-baseline@v0.9.0 with: From 0ba489df7849d6b3ef029fdca39d7236f3f8a3d2 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Fri, 31 Jan 2025 10:46:32 -0500 Subject: [PATCH 2/3] Update reference to zaproxy/action-baseline to 0.14.0 Signed-off-by: Carlo Costino --- .github/workflows/checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index af32a5a94..e2343f415 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -167,7 +167,7 @@ jobs: NOTIFY_ENVIRONMENT: scanning FEATURE_ABOUT_PAGE_ENABLED: true - name: Run OWASP Baseline Scan - uses: zaproxy/action-baseline@v0.9.0 + uses: zaproxy/action-baseline@v0.14.0 with: docker_name: "ghcr.io/zaproxy/zaproxy:weekly" target: "http://localhost:6012" From d627ba62dec4445122576d67b152d53241610dd4 Mon Sep 17 00:00:00 2001 From: Carlo Costino Date: Fri, 31 Jan 2025 11:08:48 -0500 Subject: [PATCH 3/3] Update reference in daily check action Signed-off-by: Carlo Costino --- .github/workflows/daily_checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/daily_checks.yml b/.github/workflows/daily_checks.yml index a5e81a137..b24a71738 100644 --- a/.github/workflows/daily_checks.yml +++ b/.github/workflows/daily_checks.yml @@ -50,7 +50,7 @@ jobs: env: NOTIFY_ENVIRONMENT: scanning - name: Run OWASP Full Scan - uses: zaproxy/action-full-scan@v0.7.0 + uses: zaproxy/action-full-scan@v0.12.0 with: docker_name: 'ghcr.io/zaproxy/zaproxy:weekly' target: 'http://localhost:6012'