Add basic ZAP integration test

Author: J12934

.github/workflows/ci.yaml

@@ -403,6 +403,9 @@ jobs:
         run: |
           # Install dummy-ssh app
           helm -n demo-apps install dummy-ssh ./demo-apps/dummy-ssh/ --wait
+          # Install plain nginx server
+          kubectl create deployment --image nginx:alpine nginx --namespace demo-apps
+          kubectl expose deployment nginx --port 80 --namespace demo-apps
       - name: "nmap Integration Tests"
         run: |
           helm -n integration-tests install nmap ./scanners/nmap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
@@ -423,6 +426,11 @@ jobs:
           helm -n integration-tests install ssh-scan ./scanners/ssh_scan/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
           cd tests/integration/
           npx jest --ci --color ssh-scan
+      - name: "ssh-scan Integration Tests"
+        run: |
+          helm -n integration-tests install zap ./scanners/zap/ --set="parserImage.tag=sha-$(git rev-parse --short HEAD)"
+          cd tests/integration/
+          npx jest --ci --color zap
       - name: Inspect Post Failure
         if: failure()
         run: |

tests/integration/scanner/zap.test.js

@@ -0,0 +1,25 @@
+const { scan } = require("../helpers");
+
+test(
+  "zap baseline scan against a plain nginx container should only find couple findings",
+  async () => {
+    const { categories, severities } = await scan(
+      "zap-nginx-baseline",
+      "zap-baseline",
+      ["-t", "http://nginx.demo-apps.svc"],
+      60 * 4
+    );
+
+    expect(categories).toMatchObject({
+      "Content Security Policy (CSP) Header Not Set": 1,
+      'Server Leaks Version Information via "Server" HTTP Response Header Field': 1,
+      "X-Content-Type-Options Header Missing": 1,
+      "X-Frame-Options Header Not Set": 1,
+    });
+    expect(severities).toMatchObject({
+      low: 3,
+      medium: 1,
+    });
+  },
+  5 * 60 * 1000
+);