broadinstitute · sarahgibs · Dec 2, 2025 · Dec 2, 2025 · Dec 2, 2025 · Dec 2, 2025
diff --git a/batch/entrypoint.py b/batch/entrypoint.py
@@ -69,6 +69,7 @@ def callback(msg: Message):
             log.info("Submitting job %s with input(s) %s", job_name, job_inputs)
 
             new_job = get_job(job, job_name, job_inputs)
+            # this returns response.data from the underlying api call.
             batch_api.create_namespaced_job(namespace, new_job)
             log.info("Submitted job %s", job_name)
 

diff --git a/zap/deployment.yaml b/zap/deployment.yaml
@@ -222,6 +222,20 @@ items:
             containers:
             - << : *cron-job-container
               args: ['trigger', '-s', 'auth', 'api', 'iapauth']
+- << : *cron-job
+  metadata:
+    name: ${CRON_JOB}-baseline
+    namespace: ${NAMESPACE}
+  spec:
+    schedule: "1 1 1 1 *"
+    jobTemplate:
+      spec:
+        template:
+          spec:
+            << : *cron-job-spec
+            containers:
+            - << : *cron-job-container
+              args: ['trigger', '-s', 'baseline']
 - << : *cron-job
   metadata:
     name: ${CRON_JOB}-hail

diff --git a/zap/src/scan.py b/zap/src/scan.py
@@ -209,7 +209,8 @@ def get_codedx_report_by_alert_severity(
     """
     logging.info("Getting PDF report from Codedx project: %s", project)
     report_date = datetime.now()
-    report_file = f'{project.replace("-", "_")}_report_{report_date:%Y%m%d}.pdf'
+    project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+    report_file = f'{project_name}_report_{report_date:%Y%m%d}.pdf'
     filters = {
         "severity": [s.value for s in severities],
         "status": ["new", "unresolved", "reopened", "escalated"],
@@ -467,8 +468,8 @@ def upload_googledrive(scan_type, zap_filename, codedx_project, report_file, sla
     """
     root_id = os.getenv('DRIVE_ROOT_ID', None)
     drive_id = os.getenv('DRIVE_ID', None)
-    if scan_type in (ScanType.BASELINE):
-        return
+    # if scan_type in (ScanType.BASELINE):
+    #     return
     try:
         logging.info('Setting up the google drive API service for uploading reports.')
         if scan_type in (ScanType.HAILAPI, ScanType.HAILAUTH):
@@ -574,7 +575,7 @@ def main(): # pylint: disable=too-many-locals
 
             # optionally, upload them to GCS
             xml_report_url = ""
-            if scan_type is not ScanType.BASELINE:
+            if scan_type is not None:
                 xml_report_url = upload_gcs(
                     bucket_name,
                     scan_type,

diff --git a/zap/src/zap.py b/zap/src/zap.py
@@ -294,7 +294,8 @@ def zap_report(zap: ZAPv2, project: str, scan_type: ScanType, sites: str):
     # The more advanced zap report api calls require a directory local to zap
     # But you can download known files from /home/zap/.ZAP/transfer if you use an API key
     date = datetime.today()
-    filename = f"{project}_{scan_type}-scan_report-{date.strftime('%Y-%m-%d')}.xml"
+    project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+    filename = f"{project_name}_{scan_type}-scan_report-{date.strftime('%Y-%m-%d')}.xml"
     filename = filename.replace("-", "_").replace(" ", "")
 
     template = "traditional-xml"
@@ -324,7 +325,8 @@ def zap_save_session(zap: ZAPv2,
     """
     share_path = os.getenv("VOLUME_SHARE")
     share_path_sess = share_path+"/session/"
-    session_filename = f"{project}_{scan_type}-session"
+    project_name = project.replace("-", "_").replace('.','').replace("/","").replace(":","")
+    session_filename = f"{project_name}_{scan_type}-session"
     session_filename = session_filename.replace("-", "_").replace(" ", "")
     # zap scanner container saves session to shared volume
     zap.core.save_session(share_path_sess+session_filename)
@@ -412,7 +414,7 @@ def zap_compliance_scan(
     # and can provide more granular authentication controls.
 
     # Scan types:
-    # BASELINE - unauthenticated, no active scan.
+    # BASELINE - unauthenticated.
     # API - authenticated with SA, imports openid config, active scan is performed.
     # UI - authenticated with SA, active scan and ajax spider is performed.
     # AUTH - authenticated with SA, active scan is performed.
@@ -457,7 +459,7 @@ def zap_compliance_scan(
         zap.ajaxSpider.scan(target_url, contextname=project)
 
 
-    if scan_type != ScanType.BASELINE:
+    if scan_type != None:
         logging.info("starting zap active scan for %s", target_url)
         zap.ascan.scan(target_url, contextid=context_id, recurse=True)