Skip to content

Task 4 TBO #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
avangie wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Task 4 TBO #38

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
e457f41
add security scan (zad3)
avangie Dec 15, 2025
7ae1a53
fix dockerfile
avangie Dec 15, 2025
413a601
zap analysis
avangie Dec 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions .github/workflows/security-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
name: Security Scan

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]

jobs:
security-tests:
runs-on: ubuntu-latest

steps:
- name: Check out code
uses: actions/checkout@v2

- name: Build Docker image
run: |
docker build -t myapp:latest .
- name: Run Trivy scan
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: 'myapp:latest'
vuln-type: 'os,library'
format: 'table'

- name: Install Semgrep
run: |
sudo pip install semgrep --ignore-installed rich
- name: Run Semgrep SAST
run: |
semgrep --config p/security-audit --error --json .
5 changes: 2 additions & 3 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
# ---- Build Stage ----
# Use Maven base image from the Docker Hub
FROM maven:3.8.3-openjdk-11-slim AS build
FROM maven:3.9-eclipse-temurin-11 AS build

# Set the current working directory inside the image
WORKDIR /app
Expand All @@ -13,7 +12,7 @@ COPY pom.xml /app
RUN mvn clean install -DskipTests

# ---- Deploy Stage ----
FROM openjdk:11-jdk-slim
FROM eclipse-temurin:11-jre

# Copy the built JAR from the build stage
COPY --from=build /app/target/thymeleaf-0.0.1-SNAPSHOT.jar /app.jar
Expand Down
33 changes: 33 additions & 0 deletions zap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
env:
contexts:
- excludePaths: []
name: baseline
urls:
- http://host.docker.internal:8080
parameters:
failOnError: true
progressToStdout: false
jobs:
- parameters:
enableTags: false
maxAlertsPerRule: 10
type: passiveScan-config
- parameters:
maxDuration: 1
url: http://host.docker.internal:8080
type: spider
- parameters:
maxDuration: 0
type: passiveScan-wait
- parameters:
format: Long
summaryFile: /home/zap/zap_out.json
rules: []
type: outputSummary
- parameters:
reportDescription: ''
reportDir: /zap/wrk/
reportFile: zap_report.html
reportTitle: ZAP Scanning Report
template: traditional-html
type: report
Loading