GitHub Action

ZAP Automation Framework Scan

v0.1.0 Latest version

Runs a ZAP Automation Framework plan. Powerful and flexible DAST scanning.

Installation

Copy and paste the following snippet into your .yml file.

              

- name: ZAP Automation Framework Scan
  uses: zaproxy/action-af@v0.1.0

Learn more about this action in zaproxy/action-af

action-af

A GitHub Action for running ZAP Automation Framework plans.

Inputs

plan

Required. The file system path or URL to the Automation Framework plan to run.

docker_name

Optional; if specified, it must not be empty. The name of the ZAP Docker image to be used. By default the action runs the stable image.

docker_env_vars

Optional. The names of the environment variables that should be passed to the Docker container for use in the plan, e.g.:

docker_env_vars: |
  MY_TARGET_URL
  MY_USER_NAME
  MY_USER_PASSWORD

See also Environment variables.

cmd_options

Optional. Additional command line options for ZAP.

Exit Value

The action will exit with the exit value of the plan, as indicated in the Automation Framework documentation.

Files

Files created with the plan that need to be used after the plan has finished should be saved to the /zap/wrk/ directory, which is mapped to the GITHUB_WORKSPACE directory.

Environment variables

If set, the following ZAP authentication environment variables will be copied into the Docker container:

  • ZAP_AUTH_HEADER_VALUE
  • ZAP_AUTH_HEADER
  • ZAP_AUTH_HEADER_SITE

Example usage

steps:
  - name: ZAP Scan
    uses: zaproxy/action-af@v0.1.0
    with:
      plan: '.github/workflows/zap/plan.yml'
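
A fuller workflow that combines the inputs, the /zap/wrk/ file mapping and the authentication environment variables described above. This is an added example, not taken from the action's own documentation. The secret names, the workflow and job names, the report file name and the plan fragment shown in comments are assumptions.

```yaml
# Added example workflow. Secret names, the report file name and the plan
# fragment in the comments below are assumptions, not part of the action.
name: DAST
on:
  workflow_dispatch:

permissions:
  contents: read   # the job only needs to read the repository

jobs:
  zap:
    runs-on: ubuntu-latest
    steps:
      # The plan is a file in the repository, so check it out first.
      - uses: actions/checkout@v4

      - name: ZAP Scan
        uses: zaproxy/action-af@v0.1.0
        # Credentials come from repository secrets, not from the committed plan.
        env:
          MY_TARGET_URL: ${{ secrets.MY_TARGET_URL }}
          MY_USER_NAME: ${{ secrets.MY_USER_NAME }}
          MY_USER_PASSWORD: ${{ secrets.MY_USER_PASSWORD }}
          # ZAP_AUTH_* variables are copied into the container when set.
          ZAP_AUTH_HEADER: Authorization
          ZAP_AUTH_HEADER_VALUE: ${{ secrets.ZAP_AUTH_HEADER_VALUE }}
        with:
          plan: '.github/workflows/zap/plan.yml'
          # Names of the variables to pass into the container for the plan,
          # which can then reference them, e.g. (assumed plan fragment):
          #   env:
          #     contexts:
          #       - name: target
          #         urls: ["${MY_TARGET_URL}"]
          docker_env_vars: |
            MY_TARGET_URL
            MY_USER_NAME
            MY_USER_PASSWORD

      # The plan's report job is assumed to write zap-report.html to /zap/wrk/,
      # which is mapped to GITHUB_WORKSPACE on the runner.
      - name: Upload ZAP report
        if: always()   # keep the report even when the scan step fails
        uses: actions/upload-artifact@v4
        with:
          name: zap-report
          path: zap-report.html
```

Keeping the values in secrets and listing only their names in docker_env_vars means the committed plan file never contains the target credentials.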