OWASP · anukalp2804 · Jan 6, 2026 · Jan 6, 2026 · Jan 6, 2026 · Jan 7, 2026
@@ -5,6 +5,8 @@ on:
     types:
       - opened
 
+permissions: {}
+
 jobs:
   check-pr-issue:
     permissions:

@@ -6,6 +6,8 @@ on:
       - edited
       - opened
 
+permissions: {}
+
 jobs:
   label:
     permissions:

@@ -3,6 +3,8 @@ name: Label Pull Requests
 on:
   - pull_request_target
 
+permissions: {}
+
 jobs:
   labeler:
     permissions:

@@ -19,6 +19,8 @@ on:
       - published
   workflow_dispatch:
 
+permissions: {}
+
 env:
   FORCE_COLOR: 1
 
@@ -602,28 +604,31 @@ jobs:
         working-directory: frontend
 
   run-staging-zap-baseline-scan:
-    name: Run ZAP Baseline Scan
+    name: Run staging ZAP baseline scan
     needs:
       - deploy-staging-nest-proxy
     permissions:
       contents: read
     runs-on: ubuntu-latest
     steps:
-      - name: Run ZAP Baseline Scan
+      - name: Check out repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+
+      - name: Run baseline scan
         uses: zaproxy/action-baseline@de8ad967d3548d44ef623df22cf95c3b0baf8b25
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           target: 'https://nest.owasp.dev'
           allow_issue_writing: false
           fail_action: false
-          cmd_options: '-a -r zap-report.html'
+          cmd_options: '-a -c .zapconfig -r report.html '
 
-      - name: Upload ZAP report
+      - name: Upload report
         if: always()
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
         with:
           name: zap-baseline-scan-report-${{ github.run_id }}
-          path: zap-report.html
+          path: report.html
 
 
   build-production-images:
@@ -943,25 +948,28 @@ jobs:
         run: ansible-playbook -i inventory.yaml production/proxy.yaml -e "github_workspace=$GITHUB_WORKSPACE"
 
   run-production-zap-baseline-scan:
-    name: Run ZAP Baseline Scan
+    name: Run production ZAP baseline scan
     needs:
       - deploy-production-nest-proxy
     permissions:
       contents: read
     runs-on: ubuntu-latest
     steps:
-      - name: Run ZAP Baseline Scan
+      - name: Check out repository
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+
+      - name: Run baseline scan
         uses: zaproxy/action-baseline@de8ad967d3548d44ef623df22cf95c3b0baf8b25
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           target: 'https://nest.owasp.org'
           allow_issue_writing: false
           fail_action: false
-          cmd_options: '-a -r zap-report.html'
+          cmd_options: '-a -c .zapconfig -r report.html '
 
-      - name: Upload ZAP report
+      - name: Upload report
         if: always()
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
         with:
           name: zap-baseline-scan-report-${{ github.run_id }}
-          path: zap-report.html
+          path: report.html
@@ -12,6 +12,8 @@ on:
       - main
   workflow_dispatch:
 
+permissions: {}
+
 jobs:
   code-ql:
     name: CodeQL

@@ -5,6 +5,8 @@ on:
     - cron: 30 0 * * *
   workflow_dispatch:
 
+permissions: {}
+
 env:
   FORCE_COLOR: 1
 
@@ -13,6 +15,7 @@ jobs:
     name: Update Nest test images
     if: ${{ github.repository == 'OWASP/Nest' }}
     permissions:
+      actions: write
       contents: read
     runs-on: ubuntu-latest
     steps:

@@ -0,0 +1,8 @@
+# Rule description: comment.
+# rule_id<TAB>ACTION<TAB>(URL regex pattern)
+
+# Information Disclosure - Suspicious Comments: source map and debug ID comments.
+10027	IGNORE	https://nest.owasp.(dev|org)/_next/static/chunks/[a-f0-9]{16}.js
+
+# PII disclosure: false positive credicard number.
+10062	IGNORE	https://nest.owasp.(dev|org)/sitemap.xml
-# PII disclosure: false positive credicard number.
-10062	IGNORE	https://nest.owasp.(dev|org)/sitemap.xml
+# PII disclosure: false positive credit card number.
+10062	IGNORE	https://nest.owasp.(dev|org)/sitemap.xml
-# PII disclosure: false positive credicard number.
-10062	IGNORE	https://nest.owasp.(dev|org)/sitemap.xml
+# PII disclosure: false positive credit card number.
+10062	IGNORE	https://nest.owasp.(dev|org)/sitemap.xml
@@ -145,6 +145,7 @@ xdg
 xdist
 xoxb
 xsser
+zapconfig
 zaproxy
 zsc
 éàëîôû
@@ -17,7 +17,6 @@ interface MockTooltipProps {
   children: ReactNode
   content: string
   id?: string
-  closeDelay?: number
   delay?: number
   showArrow?: boolean
 }

@@ -141,7 +141,7 @@ describe('ChapterMap', () => {
           [-90, -180],
           [90, 180],
         ],
-        maxBoundsViscosity: 1.0,
+        maxBoundsViscosity: 1,
         scrollWheelZoom: false,
         zoomControl: false,
       })
@@ -287,7 +287,7 @@ describe('ChapterMap', () => {
       const { getByText, queryByText } = render(<ChapterMap {...defaultProps} />)
 
       const overlay = getByText('Unlock map').closest('button')
-      fireEvent.click(overlay!)
+      fireEvent.click(overlay)
 
       expect(queryByText('Unlock map')).not.toBeInTheDocument()
     })
@@ -296,7 +296,7 @@ describe('ChapterMap', () => {
       const { getByText } = render(<ChapterMap {...defaultProps} />)
 
       const overlay = getByText('Unlock map').closest('button')
-      fireEvent.click(overlay!)
+      fireEvent.click(overlay)
 
       expect(mockMap.scrollWheelZoom.enable).toHaveBeenCalled()
     })
@@ -305,7 +305,7 @@ describe('ChapterMap', () => {
       const { getByText } = render(<ChapterMap {...defaultProps} />)
 
       const overlay = getByText('Unlock map').closest('button')
-      fireEvent.keyDown(overlay!, { key: 'Enter' })
+      fireEvent.keyDown(overlay, { key: 'Enter' })
 
       expect(mockMap.scrollWheelZoom.enable).toHaveBeenCalled()
     })
@@ -314,7 +314,7 @@ describe('ChapterMap', () => {
       const { getByText } = render(<ChapterMap {...defaultProps} />)
 
       const overlay = getByText('Unlock map').closest('button')
-      fireEvent.keyDown(overlay!, { key: ' ' })
+      fireEvent.keyDown(overlay, { key: ' ' })
 
       expect(mockMap.scrollWheelZoom.enable).toHaveBeenCalled()
     })

@@ -337,7 +337,7 @@ describe('DonutBarChart Component Test Suite', () => {
       const chartSeries = JSON.parse(chart.dataset.series || '[]')
 
       // Should be rounded to 1 decimal place
-      expect(chartSeries).toEqual([1000000.0, 1000000.0, 2000000.5])
+      expect(chartSeries).toEqual([1000000, 1000000, 2000000.5])
     })
 
     it('handles negative values', () => {

@@ -161,7 +161,6 @@ describe('ProjectsDashboardDropDown Component', () => {
       ) {
         return
       }
-      return
     })
   })
 
@@ -303,7 +302,7 @@ describe('ProjectsDashboardDropDown Component', () => {
 
       expect(activeItem).toBeDefined()
 
-      fireEvent.click(activeItem!)
+      fireEvent.click(activeItem)
       expect(mockOnAction).toHaveBeenCalledWith('Active')
     })
 
@@ -317,7 +316,7 @@ describe('ProjectsDashboardDropDown Component', () => {
 
       expect(activeItem).toBeDefined()
 
-      fireEvent.keyDown(activeItem!, { key: 'Enter' })
+      fireEvent.keyDown(activeItem, { key: 'Enter' })
       expect(mockOnAction).toHaveBeenCalledWith('Active')
     })
 
@@ -333,8 +332,8 @@ describe('ProjectsDashboardDropDown Component', () => {
       expect(activeItem).toBeDefined()
       expect(inactiveItem).toBeDefined()
 
-      fireEvent.click(activeItem!)
-      fireEvent.click(inactiveItem!)
+      fireEvent.click(activeItem)
+      fireEvent.click(inactiveItem)
 
       expect(mockOnAction).toHaveBeenCalledTimes(2)
       expect(mockOnAction).toHaveBeenCalledWith('Active')

@@ -1,7 +1,7 @@
 export const mockCommitteeDetailsData = {
   committee: {
     name: 'Test Committee',
-    updatedAt: 1734103212.0,
+    updatedAt: 1734103212,
     leaders: ['Leader 1', 'Leader 2'],
     url: 'https://owasp.org/test-committee',
     summary: 'This is a test committee summary.',

@@ -85,7 +85,7 @@ export const mockSnapshotDetailsData = {
             name: '',
           },
         ],
-        updatedAt: 1727353371.0,
+        updatedAt: 1727353371,
         url: 'https://owasp.org/www-chapter-sivagangai',
         relatedUrls: [],
         geoLocation: {

@@ -41,7 +41,7 @@
     "dayjs": "^1.11.19",
     "dompurify": "^3.3.1",
     "eslint-plugin-import": "^2.32.0",
-    "framer-motion": "^12.24.0",
+    "framer-motion": "^12.24.7",
     "graphql": "^16.12.0",
     "ics": "^3.8.1",
     "leaflet": "^1.9.4",
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,8 @@ on: @@
         types:
           - opened
+    permissions: {}
     jobs:
       check-pr-issue:
         permissions:
@@ Expand Down @@