Files

70 lines
3.2 KiB
YAML
Raw Permalink Normal View History

2022-08-30 21:45:04 +05:30
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# EthicalCheck addresses the critical need to continuously security test APIs in development and in production.
# EthicalCheck provides the industrys only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list.
# Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities.
# You develop the application and API, we bring complete and continuous security testing to you, accelerating development.
# Know your API and Applications are secure with EthicalCheck our free & automated API security testing service.
# How EthicalCheck works?
# EthicalCheck functions in the following simple steps.
# 1. Security Testing.
# Provide your OpenAPI specification or start with a public Postman collection URL.
# EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing.
# It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc.
# 2. Reporting.
# EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities.
# Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging.
# This is a starter workflow to help you get started with EthicalCheck Actions
name: EthicalCheck-Workflow
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
2022-10-12 20:30:11 +05:30
permissions:
contents: read
2022-11-04 20:45:41 +01:00
2022-08-30 21:45:04 +05:30
jobs:
Trigger_EthicalCheck:
2022-10-12 20:30:11 +05:30
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
2022-11-04 20:45:41 +01:00
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
2022-08-30 21:45:04 +05:30
runs-on: ubuntu-latest
steps:
- name: EthicalCheck Free & Automated API Security Testing Service
2022-10-12 14:21:47 +05:30
uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
2022-08-30 21:45:04 +05:30
with:
# The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.
oas-url: "http://netbanking.apisec.ai:8080/v2/api-docs"
# The email address to which the penetration test report will be sent.
2022-10-12 14:21:47 +05:30
email: "xxx@apisec.ai"
sarif-result-file: "ethicalcheck-results.sarif"
2022-11-04 20:45:41 +01:00
2022-10-12 20:30:11 +05:30
- name: Upload sarif file to repository
uses: github/codeql-action/upload-sarif@v3
2022-10-12 20:30:11 +05:30
with:
2022-10-12 14:21:47 +05:30
sarif_file: ./ethicalcheck-results.sarif
2022-11-04 20:45:41 +01:00