"nightly" owasp scan after qasp deployment

andrew-jameson commented 1 year ago

Description: We have a persistent pipeline failure for the nightly scan, please see supporting documentation.

Acceptance Criteria:

[ ] Ensure nightly scan is running to completion successfully and pipeline reflects status
[ ] Ensure artifacts are being saved to security tab in staging/prod apps.
[ ] Testing Checklist has been run and all tests pass
[ ] README is updated, if necessary

Tasks:

[ ] Investigate pipeline or ZAP failure for resolution
[ ] Run Testing Checklist and confirm all tests pass

Notes:

Supporting Documentation:

https://app.circleci.com/insights/github/raft-tech/TANF-app/workflows/nightly/overview

Open Questions:

robgendron commented 2 months ago

@ADPennington @lfrohlich, is this still needed or can it be closed?

ADPennington commented 2 months ago

@ADPennington @lfrohlich, is this still needed or can it be closed?

Yes this is still needed.

robgendron commented 4 days ago

Needs investigation to ensure artifacts are uploaded but this may no longer be needed given other work on zap in the past unless the uploads are failing.

ADPennington commented 4 days ago

Needs investigation to ensure artifacts are uploaded but this may no longer be needed given other work on zap in the past unless the uploads are failing.

@robgendron worth some discussion before closing. the original goal for this ticket is to have the zap scan run in a deployed apps when the qasp label is added to PRs. it currently does not.

raft-tech / TANF-app

"nightly" owasp scan after qasp deployment #2526