Update security.yml

.github/workflows/security.yml

@@ -41,28 +41,7 @@ jobs:
 
   # 3) ZAP Scan Job
   # Bu job'ın çalışması için önce "Sast-scan" job'ının tamamlanması gerekiyor.
-  zap_scan:
-    name: ZAP Full Scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: ZAP Scan
-        uses: zaproxy/[email protected]
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
-          target: 'https://demo.owasp-juice.shop/#/'
-          rules_file_name: '.zap/rules.tsv'
-          cmd_options: '-a'
-          sarif: 'true'                # SARIF üretimini açıyoruz
-          sarif_file_name: 'zap.sarif' # Üretilecek SARIF dosyasının adı
-
-      - name: Upload Zap scan SARIF report
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'zap.sarif'
+
 
   # 4) Gitleaks-scan Job
   # Bu job'ın çalışması için önce "zap_scan" job'ının tamamlanması gerekiyor.
@@ -106,3 +85,20 @@ jobs:
         with:
           name: sbom-artifact
           path: sbom.spdx.json
+
+
+  zap_scan:
+    name: ZAP Full Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: ZAP Scan
+        uses: zaproxy/[email protected]
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          target: 'https://demo.owasp-juice.shop/#/'
+          rules_file_name: '.zap/rules.tsv'
+          cmd_options: '-a'