ZAP Automation plan integration with GitHub action.


pradeep kandale

Mar 8, 2026, 7:47:47 AM
to ZAP User Group
Hi All,

I am running an OWASP ZAP Automation plan that has the report job below.

Plan.yml

- type: report
  parameters:
    template: sarif-json
    theme: null
    reportDir: /zap/wrk/
    reportFile: report.json
    reportTitle: ODIP ZAP API SCAN SARIF REPORT
    reportDescription: This SARIF report contains vulnerabilities reported through OWASP
      ZAP Scan
  risks:
  - low
  - medium
  - high
  confidences:
  - low
  - medium
  - high
  - confirmed

It creates the report.json file in the Docker container.

The workflow file has 2 sections: 1. Verify SARIF exists and 2. Upload SARIF to GitHub Code Scanning

      - name: Verify SARIF exists
        run: |
          ls -l
          test -f report.json

      - name: Upload SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: report.json
          category: zap-af-api
          wait-for-processing: true

But it gives an error: "SARIF URI scheme "https" did not match the checkout URI scheme "file", SARIF URI scheme "https" did not match the checkout URI scheme "file"".

I verified that the file is present, but it doesn't upload the report.json to the GitHub Code Scanning tab under GitHub Security.

Could you please help.
Thanks,
Pradeep Kandale
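
A diagnostic check for the error quoted above, as an added example that is not part of the original post: it counts the URI schemes used by the result locations in a SARIF file, assuming the message refers to the `artifactLocation.uri` values of the results. The sample document and the function names are constructed for illustration; to check the real file, pass the contents of report.json to `scheme_summary`.

```python
import json
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a minimal SARIF 2.1.0 document with one result located
# at a scanned URL and one at a repository-relative path. Not real ZAP output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "R1", "message": {"text": "constructed"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "https://api.example.test/v1/users"}}}]},
            {"ruleId": "R2", "message": {"text": "constructed"},
             "locations": [{"physicalLocation": {"artifactLocation":
                 {"uri": "src/app.py"}}}]},
        ],
    }],
})


def location_uris(sarif: dict):
    """Yield (ruleId, uri) for every result location in every run."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            for loc in result.get("locations", []):
                art = loc.get("physicalLocation", {}).get("artifactLocation", {})
                if "uri" in art:
                    yield result.get("ruleId", "?"), art["uri"]


def scheme_summary(sarif_text: str):
    """Count URI schemes; paths without a scheme are counted as 'relative'."""
    counts, mismatched = Counter(), []
    for rule_id, uri in location_uris(json.loads(sarif_text)):
        scheme = urlparse(uri).scheme or "relative"
        counts[scheme] += 1
        # Anything that is neither a file URI nor a relative path is flagged.
        if scheme not in ("file", "relative"):
            mismatched.append((rule_id, uri))
    return counts, mismatched


if __name__ == "__main__":
    counts, mismatched = scheme_summary(SAMPLE_SARIF)
    print(dict(counts))
    for rule_id, uri in mismatched:
        print(f"{rule_id}: {uri} is not a file or repository-relative path")
```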