feat: add zap-api-scan workflow

Author: andreyvalynko-int

.github/workflows/zap-api-scan.yaml

@@ -0,0 +1,29 @@
+name: ZAP API scan
+
+on:
+  workflow_call:
+    inputs:
+      service_apispec_url:
+        type: string
+        required: true
+    secrets:
+      ACTIONS_TOKEN:
+        required: true
+
+jobs:
+  zap_scan:
+    runs-on: [self-hosted, common]
+    name: Scan the webapplication
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: ZAP Scan
+        uses: zaproxy/action-api-scan@v0.7.0
+        with:
+          token: ${{ secrets.ACTIONS_TOKEN }}
+          docker_name: 'ghcr.io/zaproxy/zaproxy:stable'
+          format: openapi
+          target: '${{ inputs.service_apispec_url }}'
+          fail_action: true
+          allow_issue_writing: false