Merge pull request #812 from bcgov/yj

chore: zap api

Author: ychung-mot

.github/workflows/zap-api-scan.yml

@@ -3,10 +3,6 @@ name: Run ZAP API Scan
 on:
   workflow_dispatch:
     inputs:
-      api_url:
-        type: string
-        description: The base URL of the API to scan
-        default: https://dev.strdata.gov.bc.ca/api
       spec_url:
         type: string
         description: The URL of the OpenAPI/GraphQL spec
@@ -21,19 +17,17 @@ jobs:
       issues: write
 
     steps:
-    - uses: actions/checkout@v3
-
-    - name: ZAP API Scan
-      uses: zaproxy/action-api-scan@v0.9.0
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-        api_url: ${{ github.event.inputs.api_url }}
-        openapi: ${{ github.event.inputs.spec_url }}
-        rules_file_name: '.zap/rules.tsv'
-        context_file: '.zap/context.context'
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: main
 
-    - name: Upload ZAP Scan Report
-      uses: actions/upload-artifact@v3
-      with:
-        name: zap-api-scan-report
-        path: zap_api_scan_report.html
+      - name: ZAP API Scan
+        uses: zaproxy/action-api-scan@v0.9.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          format: openapi
+          target: ${{ github.event.inputs.spec_url }}
+          rules_file_name: '.zap/rules.tsv'
+          cmd_options: '-a'