Comments (4)
As a workaround you could simply add a step to your action workflow that exits successfully, if your goal is to always run the action but not ever fail the build:
    ...
    steps:
      ...
      - name: Exit with success
        run: exit 0
from action-baseline.
Is this being worked on?
from action-baseline.
Will it fail every time? The warnings are not new on the second run. If it's just priming to give discoverability this seems almost desirable. If not, then they are not warnings, but errors and it's an indictment of the tool. For example running on a website with no cookies, hardly any JS, no contact forms, no user login, it starts telling me about software discoverability. There is no software I own in the stack, and the complaints are at best paranoid.
HSTS header missing... Well if I were testing an e-commerce site that might make sense, but actually I want http access.
from action-baseline.
> Will it fail every time?

It depends how you've configured it.

> The warnings are not new on the second run.

Have you configured it to only care about new alerts?

> HSTS header missing... Well if I were testing an e-commerce site that might make sense, but actually I want http access.

That's why you have the option of passing a rules file. If you don't care about HSTS then configure it as such...
- https://github.com/zaproxy/action-baseline#rules_file_name
- https://www.zaproxy.org/docs/docker/baseline-scan/
from action-baseline.
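The rules-file approach from the last reply, sketched as an added example that is not part of the thread or the project's own documentation. The target URL, the `.zap/rules.tsv` path, the action version tag and the use of rule ID 10035 for the HSTS alert are assumptions; check the ID against the alert shown in your own scan report.

```yaml
# Added example: workflow that runs the ZAP baseline scan with a rules file.
#
# Assumed contents of .zap/rules.tsv in the repository (fields are separated
# by a single TAB character, written here as <TAB>):
#
#   10035<TAB>IGNORE<TAB>(Strict-Transport-Security Header Not Set)
#
# The second column is the action for that rule: IGNORE, WARN or FAIL.
# Rules not listed in the file keep their default action.
name: ZAP baseline scan
on: [push]

jobs:
  zap_scan:
    runs-on: ubuntu-latest
    steps:
      # The rules file lives in the repository, so it must be checked out first.
      - name: Checkout
        uses: actions/checkout@v4

      - name: ZAP baseline scan
        uses: zaproxy/action-baseline@v0.7.0   # version tag is an assumption
        with:
          target: 'https://example.com'        # placeholder target
          rules_file_name: '.zap/rules.tsv'
          # Leave the job status unaffected by alerts; set to true once the
          # rules file reflects what should actually block a build.
          fail_action: false
```

Ignoring a rule this way records the decision in version control, which keeps the remaining warnings meaningful instead of masking every result with a trailing `exit 0` step.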