Adding zap full scan github action

Author: sshniro

.gitignore

@@ -80,7 +80,6 @@ typings/
 
 # Nuxt.js build / generate output
 .nuxt
-dist
 
 # Gatsby files
 .cache/

action.yml

@@ -0,0 +1,29 @@
+name: 'OWASP ZAP Full Scan'
+description: 'Scans the web application with the OWASP ZAP Baseline Scan'
+branding:
+  icon: 'zap'
+  color: 'blue'
+inputs:
+  token:
+    description: 'GitHub Token to create issues in the repository'
+    required: true
+  target:
+    description: 'Target URL'
+    required: true
+  rules_file_name:
+    description: 'Relative path of the ZAP configuration file'
+    required: false
+  docker_name:
+    description: 'The Docker file to be executed'
+    required: true
+    default: 'owasp/zap2docker-stable'
+  cmd_options:
+    description: 'Additional command line options'
+    required: false
+  issue_title:
+    description: 'The title for the GitHub issue that is created'
+    required: false
+    default: 'ZAP Scan Baseline Report'
+runs:
+  using: 'node12'
+  main: 'dist/index.js'

index.js

@@ -0,0 +1,50 @@
+const core = require('@actions/core');
+const exec = require('@actions/exec');
+const common = require('actions-common-scans');
+const _ = require('lodash');
+
+// Default file names
+let jsonReportName = 'report_json.json';
+let mdReportName = 'report_md.md';
+let htmlReportName = 'report_html.html';
+
+async function run() {
+
+    try {
+        let workspace = process.env.GITHUB_WORKSPACE;
+        let currentRunnerID = process.env.GITHUB_RUN_ID;
+        let repoName = process.env.GITHUB_REPOSITORY;
+        let token = core.getInput('token');
+        let docker_name = core.getInput('docker_name');
+        let target = core.getInput('target');
+        let rulesFileLocation = core.getInput('rules_file_name');
+        let cmdOptions = core.getInput('cmd_options');
+        let issueTitle = core.getInput('issue_title');
+
+        console.log('starting the program');
+        console.log('github run id :' + currentRunnerID);
+
+        let plugins = [];
+        if (rulesFileLocation) {
+            plugins = await common.helper.processLineByLine(`${workspace}/${rulesFileLocation}`);
+        }
+
+        let command = (`docker run --user root -v ${workspace}:/zap/wrk/:rw --network="host" ` +
+            `-t ${docker_name} zap-full-scan.py -t ${target} -J ${jsonReportName} -w ${mdReportName}  -r ${htmlReportName} ${cmdOptions}`);
+
+        if (plugins.length !== 0) {
+            command = command + ` -c ${rulesFileLocation}`
+        }
+
+        try {
+            await exec.exec(command);
+        } catch (err) {
+            core.setFailed('The ZAP Baseline scan has failed, starting to analyze the alerts. err: ' + err.toString());
+        }
+        await common.main.processReport(token, workspace, plugins, currentRunnerID, issueTitle, repoName);
+    } catch (error) {
+        core.setFailed(error.message);
+    }
+}
+
+run();