From 740a732d21cda22ecbd0ee4b0cc47f1c30a058ff Mon Sep 17 00:00:00 2001
From: carmithersh
Date: Wed, 5 Feb 2025 16:56:50 +0200
Subject: [PATCH] CCS-4 - zap scanning evidence 8

---
 .github/workflows/zap-evidence-example.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/zap-evidence-example.yml b/.github/workflows/zap-evidence-example.yml
index 47cda82..059a14d 100644
--- a/.github/workflows/zap-evidence-example.yml
+++ b/.github/workflows/zap-evidence-example.yml
@@ -37,12 +37,13 @@ jobs:
 run: |
 docker pull ghcr.io/zaproxy/zaproxy:stable
 # zap test the mock site https://www.example.com
- docker run -v $PWD:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://www.example.com -J report_json.json || true
+ docker run -v /tmp:/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://www.example.com -J report_json.json || true
 echo "Zap completed"
+ ls -ltr /tmp
 # create summary json
- cat report_json.json | jq -r '.site[].alerts[].riskcode' | sort | uniq -c | awk '{print "{\"riskcode\":\"" $2 "\", \"count\":" $1 "},"}' | sed '$ s/,$//' | awk 'BEGIN {print "["} {print} END {print "]"}' > report_summary.json
+ cat /tmp/report_json.json | jq -r '.site[].alerts[].riskcode' | sort | uniq -c | awk '{print "{\"riskcode\":\"" $2 "\", \"count\":" $1 "},"}' | sed '$ s/,$//' | awk 'BEGIN {print "["} {print} END {print "]"}' > report_summary.json
 # create full report predicate
- jq -s '{summary: .[0], details: .[1]}' report_summary.json report_json.json > summary.json
+ jq -s '{summary: .[0], details: .[1]}' report_summary.json /tmp/report_json.json > summary.json
 echo "-----------Summary of ZAP scan-----------"
 cat summary.json
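Review bot: The new `docker run` line bind-mounts the runner's entire `/tmp` read-write into the ZAP container and the step then reads the evidence back from the predictable path `/tmp/report_json.json`; on a self-hosted or otherwise shared runner that directory is world-writable, so the report this workflow treats as scan evidence could be pre-created, replaced or symlinked by any other process on the host, and the container can read whatever other jobs left in `/tmp`. A per-run directory from `mktemp -d` (made writable for the container's user if a uid mismatch is why `$PWD` was abandoned — the commit does not say) keeps both the mount and the report path private to this job. The `|| true` kept on that line also swallows ZAP's own error exit, so a scan that never ran is only noticed when the later `jq -s` cannot open the report; checking that the file exists right after the scan gives a clearer failure. `ls -ltr /tmp` looks like leftover debugging and prints unrelated runner temp files into the job log. The hunk-header line counts suggest the `run:` block continues one line past what is shown.

```yaml
      run: |
        zap_dir=$(mktemp -d)
        chmod 1777 "$zap_dir"   # NOTE(review): only needed if the ZAP container user cannot write a runner-owned dir — confirm
        # zap test the mock site https://www.example.com
        docker run --rm -v "$zap_dir":/zap/wrk/:rw -t ghcr.io/zaproxy/zaproxy:stable zap-full-scan.py -t https://www.example.com -J report_json.json || true
        test -s "$zap_dir/report_json.json" || { echo "ZAP produced no report" >&2; exit 1; }
        echo "Zap completed"
        # … unchanged: summary pipeline, reading "$zap_dir/report_json.json" instead of /tmp/report_json.json …
        jq -s '{summary: .[0], details: .[1]}' report_summary.json "$zap_dir/report_json.json" > summary.json
```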