Summary
The DAST workflow's upload-artifact step finds no files because ZAP writes reports with different filenames than what -J/-r flags produce.
From the run log:
Failed to locate the json report generated by ZAP Scan!
err: ENOENT: no such file or directory, open '.../report_json.json'
The -J report.json flag likely produces report_json.json (or similar convention), not report.json. Same for -r report.html.
Fix
Check ZAP's actual output filenames (run locally or inspect a workflow run's workspace) and update either the -J/-r arguments or the upload-artifact path glob to match.
Summary
The DAST workflow's
upload-artifactstep finds no files because ZAP writes reports with different filenames than what-J/-rflags produce.From the run log:
The
-J report.jsonflag likely producesreport_json.json(or similar convention), notreport.json. Same for-r report.html.Fix
Check ZAP's actual output filenames (run locally or inspect a workflow run's workspace) and update either the
-J/-rarguments or theupload-artifactpath glob to match.