From 0b31a9d581b1020298f4d20cacb8abf56695953f Mon Sep 17 00:00:00 2001
From: Andrey Valynko
Date: Mon, 22 Apr 2024 17:42:53 +0200
Subject: [PATCH 1/4] feat: add zap-api-scan workflow
---
.github/workflows/zap-api-scan.yaml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 .github/workflows/zap-api-scan.yaml
diff --git a/.github/workflows/zap-api-scan.yaml b/.github/workflows/zap-api-scan.yaml
new file mode 100644
index 0000000..e111e5f
--- /dev/null
+++ b/.github/workflows/zap-api-scan.yaml
@@ -0,0 +1,29 @@
+name: ZAP API scan
+
+on:
+ workflow_call:
+ inputs:
+ service_apispec_url:
+ type: string
+ required: true
+ secrets:
+ ACTIONS_TOKEN:
+ required: true
+
+jobs:
+ zap_scan:
+ runs-on: [self-hosted, common]
+ name: Scan the webapplication
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: ZAP Scan
+ uses: zaproxy/action-api-scan@v0.7.0
+ with:
+ token: ${{ secrets.ACTIONS_TOKEN }}
+ docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+ format: openapi
+ target: '${{ inputs.service_apispec_url }}'
+ fail_action: true
+ allow_issue_writing: false
\ No newline at end of file
From e2cd0dd05be02147ceaddb7e4764d65f2f66a347 Mon Sep 17 00:00:00 2001
From: Andrey Valynko
Date: Mon, 22 Apr 2024 18:06:10 +0200
Subject: [PATCH 2/4] feat: add zap-baseline-scan workflow
---
.github/workflows/zap-api-scan.yaml | 3 +--
.github/workflows/zap-baseline-scan.yaml | 28 ++++++++++++++++++++++++
2 files changed, 29 insertions(+), 2 deletions(-)
create mode 100644 .github/workflows/zap-baseline-scan.yaml
diff --git a/.github/workflows/zap-api-scan.yaml b/.github/workflows/zap-api-scan.yaml
index e111e5f..d3b1c67 100644
--- a/.github/workflows/zap-api-scan.yaml
+++ b/.github/workflows/zap-api-scan.yaml
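Review bot: The scanner is pulled by mutable references in the `ZAP Scan` step — `zaproxy/action-api-scan@v0.7.0` is a movable tag and `ghcr.io/zaproxy/zaproxy:stable` is a floating image tag — so what executes on the self-hosted runner can change without any change to this file; pin the action to a full-length commit SHA (`uses: zaproxy/action-api-scan@<40-hex-sha> # v0.7.0`), pin the image to a digest (`docker_name: 'ghcr.io/zaproxy/zaproxy@sha256:<digest>'`), and do the same for `actions/checkout@v4`. The job also sets no `permissions:` block; with `allow_issue_writing: false` nothing here needs write access, so add `permissions: contents: read` on `zap_scan` so the caller's default token grants nothing more. As far as I recall the action uses `token` only to file issues, so with issue writing disabled the required `ACTIONS_TOKEN` secret is handed to a third-party action for no benefit — make it optional (or fall back to `${{ github.token }}`) and add a comment stating why a non-default token is required if it is. The `Checkout` step is likewise unused unless a `rules_file_name` is supplied; a comment such as `# checkout is only needed when a ZAP rules file from the repo is passed` would make that intent explicit.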
@@ -13,12 +13,11 @@ on: jobs: zap_scan: runs-on: [self-hosted, common] - name: Scan the webapplication steps: - name: Checkout uses: actions/checkout@v4 - - name: ZAP Scan + - name: ZAP API Scan uses: zaproxy/action-api-scan@v0.7.0 with: token: ${{ secrets.ACTIONS_TOKEN }} diff --git a/.github/workflows/zap-baseline-scan.yaml b/.github/workflows/zap-baseline-scan.yaml new file mode 100644 index 0000000..a956956 --- /dev/null +++ b/.github/workflows/zap-baseline-scan.yaml @@ -0,0 +1,28 @@ +name: ZAP Baseline scan + +on: + workflow_call: + inputs: + service_apispec_url: + type: string + required: true + secrets: + ACTIONS_TOKEN: + required: true + +jobs: + zap_scan: + runs-on: [self-hosted, common] + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: ZAP Baseline Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.ACTIONS_TOKEN }} + docker_name: 'ghcr.io/zaproxy/zaproxy:stable' + format: openapi + target: '${{ inputs.service_apispec_url }}' + fail_action: true + allow_issue_writing: true \ No newline at end of file From ada1a043483ca88ac0d835e6a147e40916f05af9 Mon Sep 17 00:00:00 2001 From: Andrey Valynko Date: Mon, 22 Apr 2024 18:12:22 +0200 Subject: [PATCH 3/4] fix: add job name for zap scans --- .github/workflows/zap-api-scan.yaml | 1 + .github/workflows/zap-baseline-scan.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/zap-api-scan.yaml b/.github/workflows/zap-api-scan.yaml index d3b1c67..6bb1126 100644 --- a/.github/workflows/zap-api-scan.yaml +++ b/.github/workflows/zap-api-scan.yaml @@ -13,6 +13,7 @@ on: jobs: zap_scan: runs-on: [self-hosted, common] + name: API scan steps: - name: Checkout uses: actions/checkout@v4 diff --git a/.github/workflows/zap-baseline-scan.yaml b/.github/workflows/zap-baseline-scan.yaml index a956956..acf7c0f 100644 --- a/.github/workflows/zap-baseline-scan.yaml +++ b/.github/workflows/zap-baseline-scan.yaml 
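Review bot: `format: openapi` in the new `zap-baseline-scan.yaml` looks copied from the API-scan workflow — `zaproxy/action-baseline` does not, as far as I know, declare a `format` input (it is an `action-api-scan` option), so Actions will only warn about an unexpected input and silently ignore it; drop the line, or if the intent really is to scan from an OpenAPI definition, keep using the API-scan workflow. The baseline job also flips `allow_issue_writing` to `true` while the API scan sets it to `false`, which means every failing run writes ZAP findings into repository issues using `ACTIONS_TOKEN`; if that is intended, document it with a comment and make sure that token is scoped to `issues: write` on this repository only, otherwise align it with the API workflow. The same mutable-reference concern applies here: pin `zaproxy/action-baseline@v0.12.0` to a commit SHA and `ghcr.io/zaproxy/zaproxy:stable` to a digest.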
@@ -13,6 +13,7 @@ on: jobs: zap_scan: runs-on: [self-hosted, common] + name: Baseline scan steps: - name: Checkout uses: actions/checkout@v4 From e2ce54e8e6efa632cad2887c5344d0ecc15d851f Mon Sep 17 00:00:00 2001 From: Andrey Valynko Date: Wed, 24 Apr 2024 15:30:52 +0200 Subject: [PATCH 4/4] fix: change input name for baseline scan --- .github/workflows/zap-baseline-scan.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/zap-baseline-scan.yaml b/.github/workflows/zap-baseline-scan.yaml index acf7c0f..ebb3181 100644 --- a/.github/workflows/zap-baseline-scan.yaml +++ b/.github/workflows/zap-baseline-scan.yaml @@ -3,7 +3,7 @@ name: ZAP Baseline scan on: workflow_call: inputs: - service_apispec_url: + service_url: type: string required: true secrets: @@ -24,6 +24,6 @@ jobs: token: ${{ secrets.ACTIONS_TOKEN }} docker_name: 'ghcr.io/zaproxy/zaproxy:stable' format: openapi - target: '${{ inputs.service_apispec_url }}' + target: '${{ inputs.service_url }}' fail_action: true allow_issue_writing: true \ No newline at end of file