Generate and Download Scan Result

The scan result of a web application scan depends on the input parameters you submit in the Qualys GitHub Actions for WAS workflow. To download the scan result, you must also specify the repository name in the workflow. The following subsections explain how to generate and download the scan results.

Generate Scan Result

The scan result for web application scanning depends on the input parameters you submitted when launching the scan.

The following two scenarios show how the same parameter, WAIT_FOR_RESULT, produces different scan results.

When WAIT_FOR_RESULT is true and the build passes, the scan results are written to a JSON file. When the build fails because a failure condition is met, the JSON file contains the scan result together with the evaluation result.

You can download this JSON file from the Artifacts section of your repository.
[Image: Artifacts section and the scan result file]

If WAIT_FOR_RESULT is false, the GitHub action does not wait for the scan result. Once the scan is launched through the API, the action provides a link to the scan report, which opens the scan result in the Qualys WAS UI, and the build passes.
[Image: scan logs when WAIT_FOR_RESULT is false]

Download Scan Result

The .yaml file contains the checkout steps that download the scan result. Provide the path of your repository in the checkout step to download the scan result from GitHub. If the repository is private, add a Personal Access Token (PAT) in the checkout step.

Refer to the following sample checkout steps to add to the .yaml file.

- name: checkout code
  uses: actions/checkout@v3
  with:
    repository: GITHUB_USERNAME/REPOSITORY_NAME
    ref: BRANCH_NAME
    path: ./
    # Personal Access Token (PAT) stored as a repository secret; required for private repositories.
    # actions/checkout reads the PAT from its `token` input.
    token: ${{ secrets.ACCESS_TOKEN }}

- name: Download Result
  uses: actions/download-artifact@v3
  with:
    name: Qualys_WAS_Scan_Result
    path: PATH_TO_TARGET_DIRECTORY