-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automation Framework - compatible with config file / basic auth? #68
Comments
@a-h - I've spent the morning looking at the same issue (site behind basic auth) and have configured the below (which draws the basic auth base64 hash from a github secret). Building on your posted solution from last year, this is a slightly different tact in that it doesn't require a config file (as the args are all supplied through command options). It's a little ugly - but in positive news - it does work with the ZAP Github actions out of the box and avoids secrets needing to be stored in files 👍
|
I'm using the ZAP baseline action to scan an application that, in the testing environment, is protected by basic auth.
I documented how to do this here: https://adrianhesketh.com/2020/07/07/owasp-baseline-scan-with-basic-auth-in-docker-github-actions/
It requires the use of a config file:
And setting the parameter to use it.
When I tried out the same approach this year, I got the following errors:
However, bypassing the Automation Framework with the
--autooff
flag got me the expected results - a working scan.Not sure how to proceed....
The text was updated successfully, but these errors were encountered: