mirror of https://github.com/actions/setup-go.git
				
				
				
			Create mayhem-for-api-analysis.yml
This commit is contained in:
		
							parent
							
								
									203d3496eb
								
							
						
					
					
						commit
						6a1e869d9d
					
				|  | @ -0,0 +1,66 @@ | |||
| # This workflow uses actions that are not certified by GitHub. | ||||
| # They are provided by a third-party and are governed by | ||||
| # separate terms of service, privacy policy, and support | ||||
| # documentation. | ||||
| # | ||||
| # This workflow starts your API and fuzzes it with ForAllSecure Mayhem for API | ||||
| # to find reliability, performance and security issues before they reach | ||||
| # production. | ||||
| # | ||||
| # To use this workflow, you will need to: | ||||
| # | ||||
| # 1. Create a Mayhem for API account at | ||||
| #    https://mayhem4api.forallsecure.com/signup (30-day free trial) | ||||
| # | ||||
| # 2. Create a service account token `mapi organization service-account create | ||||
| #    <org-name> <service-account-name>` | ||||
| # | ||||
| # 3. Add the service account token as a secret in GitHub called "MAPI_TOKEN" | ||||
| # | ||||
| # 4. Update the "Start your API" step to run your API in the background before | ||||
| #    starting the Mayhem for API scan, and update the `api-url` & `api-spec` | ||||
| #    field. | ||||
| # | ||||
| # If you have any questions, please contact us at mayhem4api@forallsecure.com | ||||
| 
 | ||||
| name: "Mayhem for API" | ||||
| 
 | ||||
| on: | ||||
|   push: | ||||
|     branches: [ main, setup-go ] | ||||
|   pull_request: | ||||
|     # The branches below must be a subset of the branches above | ||||
|     branches: [ main ] | ||||
| 
 | ||||
| jobs: | ||||
|   mayhem-for-api: | ||||
|     name: Mayhem for API | ||||
|     # Mayhem for API runs on linux, mac and windows | ||||
|     runs-on: ubuntu-latest | ||||
|     permissions: | ||||
|       actions: read | ||||
|       contents: read | ||||
|       security-events: write | ||||
|     steps: | ||||
|       - uses: actions/checkout@v2 | ||||
| 
 | ||||
|       # Run your API in the background. Ideally, the API would run in debug | ||||
|       # mode & send stacktraces back on "500 Internal Server Error" responses | ||||
|       # (don't do this in production though!) | ||||
|       - name: Start your API | ||||
|         run: ./run_your_api.sh & # <- ✏️ update this | ||||
| 
 | ||||
|       - name: Mayhem for API | ||||
|         uses: ForAllSecure/mapi-action@193b709971cc377675e33284aecbf9229853e010 | ||||
|         continue-on-error: true | ||||
|         with: | ||||
|           mapi-token: ${{ secrets.MAPI_TOKEN }} | ||||
|           api-url: http://localhost:8080 # <- ✏️ update this | ||||
|           api-spec: http://localhost:8080/openapi.json # <- ✏️ update this | ||||
|           duration: 60 | ||||
|           sarif-report: mapi.sarif | ||||
| 
 | ||||
|       - name: Upload SARIF file | ||||
|         uses: github/codeql-action/upload-sarif@v1 | ||||
|         with: | ||||
|           sarif_file: mapi.sarif | ||||
		Loading…
	
		Reference in New Issue
	
	 Juri Burakov
						Juri Burakov