Merge pull request #1262 from apisec-inc/master

Added starter workflow to help get started with APIsec-Scan code-scanning Action
Nick Fyson
2021-12-01 12:45:02 +00:00
committed by GitHub
3 changed files with 97 additions and 0 deletions
@@ -0,0 +1,64 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# APIsec addresses the critical need to secure APIs before they reach production.
# APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
# 2. Register your account at https://cloud.fxlabs.io/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
#
# apisec-run-scan
#
# This action triggers the on-demand scans for projects registered in APIsec.
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
# Else you can view the scan results from the project home page in APIsec Platform.
# The link to view the scan results is also displayed on the console on successful completion of action.
# This is a starter workflow to help you get started with APIsec-Scan Actions
name: APIsec
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the $default-branch branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ $default-branch, $protected-branches ]
pull_request:
branches: [ $default-branch ]
schedule:
- cron: $cron-weekly
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
Trigger APIsec scan:
runs-on: ubuntu-latest
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@f62d0c6fae8a80f97b091a323befdb56e6ad9993
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
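Review bot: the job key `Trigger APIsec scan:` under `jobs:` contains spaces, but a GitHub Actions job ID must start with a letter or `_` and contain only alphanumeric characters, `-` or `_`, so the workflow will be rejected as invalid. Use an ID such as `trigger-apisec-scan` and put the readable text in a `name:` field. The workflow also declares no `permissions:` block: the `upload-sarif` step needs `security-events: write`, and stating that explicitly keeps the token that is present while the third-party action runs at least privilege. On `pull_request` runs from forks, `secrets.apisec_username` and `secrets.apisec_password` are not available, so that trigger should be guarded or the limitation noted in the header comments. Finally, `apisec-project: "VAmPI"` reads as a sample value and should be marked as something the user must replace.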
@@ -0,0 +1,24 @@
{
"name": "APIsec Scan",
"creator": "APIsec",
"description": "APIsec addresses the critical need to secure APIs before they reach production. APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.",
"iconName": "apisec",
"categories": [
"Code Scanning",
"C",
"C#",
"C++",
"Go",
"Java",
"JavaScript",
"Kotlin",
"Objective C",
"PHP",
"Python",
"Ruby",
"Rust",
"Scala",
"Swift",
"TypeScript"
]
}
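Review bot: the `categories` array lists fifteen programming languages after `"Code Scanning"`, although the workflow added in this change only triggers a scan of a project registered in APIsec and never builds or inspects repository source. With every language listed, the template would be suggested for repositories regardless of whether they expose an API, so I would reduce this to `"Code Scanning"` or to the categories that actually apply. The `description` is three sentences of product copy and carries the typo `industrys`, which is also in the workflow header comment; a one-sentence description of what the workflow does would fit this field better.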
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="533px" height="617px" viewBox="0 0 533 617" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Fill 11</title>
<g id="Screens" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<g id="Logo-Mark" transform="translate(-484.000000, -442.000000)" fill="#025C7A">
<path d="M746.975832,712.678783 C764.128375,712.678783 778.123597,726.606828 778.123597,743.759372 C778.123597,760.889523 764.128375,774.884745 746.975832,774.884745 C729.823288,774.884745 715.872851,760.889523 715.872851,743.759372 C715.872851,726.606828 729.823288,712.678783 746.975832,712.678783 L746.975832,712.678783 Z M746.707124,442 L484,586.565042 L484,707.618111 C483.977626,778.26599 504.444238,846.876165 543.183012,905.991981 C581.944178,965.063013 636.693485,1011.16887 701.541744,1039.38324 L745.385975,1058.39435 L777.048764,1044.35434 L777.048764,829.90276 C812.76457,817.407826 838.605347,783.707332 838.605347,743.759372 C838.605347,693.264612 797.515376,652.174641 746.975832,652.174641 C696.481072,652.174641 655.391101,693.264612 655.391101,743.759372 C655.391101,783.729725 681.231878,817.430219 716.947684,829.90276 L716.947684,979.39412 C666.945556,955.725401 624.512044,919.091509 594.080834,872.69455 C561.858236,823.498547 544.817654,766.442827 544.817654,707.662896 L544.817654,622.504771 L546.317941,621.676254 L747.132578,511.192376 L748.520904,511.931324 L955.493439,622.706302 L955.493439,704.304043 C955.560616,763.845314 938.161756,821.550412 905.155425,871.127085 C892.526137,890.09341 877.456083,907.805762 860.325931,923.838688 L860.325931,1001.60734 C898.392934,975.408281 930.481178,942.87219 955.762147,904.872364 C995.463792,845.3087 1016.35586,775.937185 1016.26658,704.348827 L1016.26658,586.318726 L746.707124,442 Z" id="Fill-11"></path>
</g>
</g>
</svg>
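Review bot: `<title>Fill 11</title>` and the ids `Screens`, `Logo-Mark` and `Fill-11` are design-tool export names rather than meaningful labels. The title is what assistive technology and tooltips show, so it should read `APIsec` or similar. The `xmlns:xlink` declaration is unused, since no `xlink:` attribute appears in the file, and can be dropped. The fixed `width="533px" height="617px"` can also go, since `viewBox` alone lets the icon scale. The file contains only a single `<path>` with no script or external references, which is what is wanted for an icon rendered in the UI.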
