Add Slack notification

.github/workflows/security.yml

@@ -25,6 +25,7 @@ jobs:
         run: envsubst < "$CONFIG_FILE" > "$CONFIG_FILE.tmp" && mv "$CONFIG_FILE.tmp" "$CONFIG_FILE" && cat "$CONFIG_FILE"
         env:
           CONFIG_FILE: ${{ github.workspace }}/.zap/autorun.yml
+          SUMMARY_FILE: ${{ github.workspace }}/.zap/summary.json
           ZAP_USERNAME: ${{ secrets.ZAP_USERNAME }}
           ZAP_PASSWORD: ${{ secrets.ZAP_PASSWORD }}
         shell: bash
@@ -36,6 +37,12 @@ jobs:
           CONFIG_FILE: ${{ github.workspace }}/.zap/autorun.yml
         shell: bash
 
+      - name: Upload report
+        uses: actions/upload-artifact@v4
+        with:
+          name: zap-report
+          path: ${{ github.workspace }}/.zap/zap-report
+
       - name: Publish HTML report
         uses: JamesIves/github-pages-deploy-action@65b5dfd4f5bcd3a7403bbc2959c144256167464e # v4.5.0
         with:
@@ -45,8 +52,62 @@ jobs:
       - name: Add HTML report URL to the job summary
         run: echo '[🛡️ OWASP ZAP Report](https://ministryofjustice.github.io/hmpps-manage-a-supervision-ui/zap-report)' | tee -a "$GITHUB_STEP_SUMMARY"
 
-      - name: Upload report
-        uses: actions/upload-artifact@v4
+      - name: Parse summary
+        id: summary
+        run: |
+          echo "pass=$(jq '.pass // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+          echo "fail=$(jq '.fail // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+          echo "warn=$(jq '.warn // 0' $SUMMARY_FILE)" | tee -a "$GITHUB_OUTPUT"
+        env:
+          SUMMARY_FILE: ${{ github.workspace }}/.zap/summary.json
+        shell: bash
+
+      - name: Send message to Slack
+        uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
+        if: steps.summary.outputs.failed != '0'
         with:
-          name: zap-report
-          path: ${{ github.workspace }}/.zap/zap-report
+          channel-id: probation-integration-notifications
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "section",
+                  "text": {
+                    "type": "mrkdwn",
+                    "text": "🛡️ *Manage a Supervision* ZAP report"
+                  }
+                },
+                {
+                  "type": "context",
+                  "elements": [
+                    {
+                      "type": "mrkdwn",
+                      "text": ">${{ steps.summary.outputs.pass }} tests passed, ${{ steps.summary.outputs.fail }} failed, and there were ${{ steps.summary.outputs.warn }} warnings."
+                    }
+                  ]
+                },
+                {
+                  "type": "actions",
+                  "elements": [
+                    {
+                      "type": "button",
+                      "text": {
+                        "type": "plain_text",
+                        "text": "📈 Report"
+                      },
+                      "url": "https://ministryofjustice.github.io/hmpps-manage-a-supervision-ui/zap-report"
+                    },
+                    {
+                      "type": "button",
+                      "text": {
+                        "type": "plain_text",
+                        "text": "📝 Logs"
+                      },
+                      "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

.zap/autorun.yml

@@ -58,6 +58,11 @@ jobs:
     parameters:
       context: "HMPPSAuth"
       user: "TestUser"
+      maxScanDurationInMins: 5 # minutes
+  - type: outputSummary
+    parameters:
+      format: "Short"
+      summaryFile: "$SUMMARY_FILE"
   - type: report
     parameters:
       reportDir: "zap-report"