test: owasp reusable

.github/workflows/owasp.yaml

@@ -0,0 +1,10 @@
+name: zap-scan
+on:
+  workflow_dispatch:
+  push:
+jobs:
+  zap-scan:
+    uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-owasp-zap.yml@develop
+    with:
+      working-directory: ./app
+      target-url: 'http://localhost:3000/applicantportal'

.github/workflows/sonarcloud.yaml

@@ -1,7 +1,6 @@
 name: sonarcloud-scan
 on:
   workflow_dispatch:
-  push:
 jobs:
   sonarcloud-scan:
     uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-sonarcloud.yml@develop

.github/workflows/test-containers.yaml

@@ -43,15 +43,7 @@ jobs:
       - name: run app locally
         uses: ./.github/actions/local-app-run
       - name: ZAP Full Scan
-        uses: zaproxy/[email protected]
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          docker_name: 'owasp/zap2docker-stable'
-          target: 'http://localhost:3000/applicantportal'
-          rules_file_name: '.zap/rules.tsv'
-          cmd_options: '-a -d -T 5 -m 2'
-          issue_title: OWASP Full Scan
-          fail_action: true
+        uses: ./.github/workflows/owasp.yaml
 
   trivy-scan-app:
     runs-on: ubuntu-latest