You guys are awesome.

What a great tool to automate API Scanning!

Describe the Issue
We recently updated our action from 0.1.0 to 0.3.1 and it stopped working.

Expected Behaviour
If we want to create the report_html.html file with a different name and therefore supply the option -r mySpecDefinition.html we would expect to create the report from the scan with the provided filename.

Steps to reproduce
given this step:

      - name: ZAP API Scan
        uses: zaproxy/[email protected]
        with:
          target: 'https://www.myapi.de/mydocs/mySpecDefinition.json'
          cmd_options: '-r mySpecDefinition.html'

it fails with this error

ERROR [Errno 13] Permission denied: '/zap/wrk/mySpecDefinition.html'
2023-07-14 04:45:17,559 I/O error: [Errno 13] Permission denied: '/zap/wrk/mySpecDefinition.html'
Traceback (most recent call last):
  File "/zap/zap-api-scan.py", line 580, in main
    write_report(os.path.join(base_dir, report_html), zap.core.htmlreport())
  File "/zap/zap_common.py", line 564, in write_report
    with open(file_path, mode='wb') as f:
PermissionError: [Errno 13] Permission denied: '/zap/wrk/mySpecDefinition.html'

Current Workaround
as a workaround we rename the file in a step but we would expect the action to do this out of the box by providing the -r option

      - name: rename file
        run: mv ./report_html.html ./mySpecDefinition.html

Hi,

Can a new version be published with node 16 please? The current one is complaining about outdated node version.

Cheers

Description

Similar to zaproxy/action-baseline#17, new issues are opened even with existing issues open when providing a GitHub token, as there is a hardcoded check for the GitHub Actions bot. Simply bumping the version of actions-common-scans to 1.0.2 should resolve this issue.

Node 16 is now deprecated and thus soon a deprecation warning will be displayed when this action runs. Please update to Node 20.

Related:

• zaproxy/action-full-scan#80
• zaproxy/action-baseline#114

Hey guys, when will you add the tag to the latest commit? I would like to get rid of node version 12 but v0.2.0 is not include the commit of upgrading node version.

I am using ZAP api scan to scan java applications , here am using my own docker hub
getting below error
starting the program

/usr/bin/touch report_json.json report_md.md report_html.html
/usr/bin/chmod a+w report_json.json report_md.md report_html.html
/usr/bin/docker pull /my-java-app:latest -q
docker.io//my-java-app:latest
/usr/bin/docker run -v /_work/test-insignia/test-insignia:/zap/wrk/:rw --network=host -e ZAP_AUTH_HEADER -e ZAP_AUTH_HEADER_VALUE -e ZAP_AUTH_HEADER_SITE -t ***/my-java-app:latest zap-api-scan.py -t My own url here/ -f openapi -J report_json.json -w report_md.md -r report_html.html
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "zap-api-scan.py": executable file not found in $PATH: unknown.
time="2023-08-17T17:17:35+05:30" level=error msg="error waiting for container: context canceled"
Scanning process completed, starting to analyze the results!
Failed to locate the json report generated by ZAP Scan!