actions
/
setup-node
mirror of https://gitea.com/actions/setup-node.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
setup-node/.github/workflows/apisec-scan.yml

72 lines
2.9 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# APIsec addresses the critical need to secure APIs before they reach production.
# APIsec provides the industrys only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs.
# Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.
# How to Get Started with APIsec.ai
# 1. Schedule a demo at https://www.apisec.ai/request-a-demo .
#
# 2. Register your account at https://cloud.apisec.ai/#/signup .
#
# 3. Register your API . See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
#
# 4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions
#
# apisec-run-scan
#
# This action triggers the on-demand scans for projects registered in APIsec.
# If your GitHub account allows code scanning alerts, you can then upload the sarif file generated by this action to show the scan findings.
# Else you can view the scan results from the project home page in APIsec Platform.
# The link to view the scan results is also displayed on the console on successful completion of action.
# This is a starter workflow to help you get started with APIsec-Scan Actions
name: APIsec
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch
# Customize trigger events based on your DevSecOps processes.
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '32 13 * * 5'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
Trigger_APIsec_scan:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
steps:
- name: APIsec scan
uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
with:
# The APIsec username with which the scans will be executed
apisec-username: ${{ secrets.apisec_username }}
# The Password of the APIsec user with which the scans will be executed
apisec-password: ${{ secrets.apisec_password}}
# The name of the project for security scan
apisec-project: "VAmPI"
# The name of the sarif format result file The file is written only if this property is provided.
sarif-result-file: "apisec-results.sarif"
- name: Import results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: ./apisec-results.sarif
Reference in New Issue View Git Blame Copy Permalink