Circleci project setup #2

Workflow file for this run

This workflow uses actions that are not certified by GitHub. They are provided by a third party and are governed by separate terms of service, privacy policy, and support documentation.

APIsec addresses the critical need to secure APIs before they reach production. APIsec provides the industry's only automated and continuous API testing platform that uncovers security vulnerabilities and logic flaws in APIs. Clients rely on APIsec to evaluate every update and release, ensuring that no APIs go to production with vulnerabilities.

How to Get Started with APIsec.ai
1. Schedule a demo at https://www.apisec.ai/request-a-demo
2. Register your account at https://cloud.apisec.ai/#/signup
3. Register your API. See the video (https://www.youtube.com/watch?v=MK3Xo9Dbvac) to get up and running with APIsec quickly.
4. Get GitHub Actions scan attributes from APIsec Project -> Configurations -> Integrations -> CI-CD -> GitHub Actions

apisec-run-scan

This action triggers the on-demand scans for projects registered in APIsec. If your GitHub account allows code scanning alerts, you can then upload the SARIF file generated by this action to show the scan findings. Otherwise, you can view the scan results from the project home page in the APIsec Platform. The link to view the scan results is also displayed on the console on successful completion of the action.

This is a starter workflow to help you get started with APIsec-Scan Actions.
name:APIsec
Controls when the workflow will run
//Triggers the workflow on push or pull request events but only for the "testnet3" branch. Customize trigger events based on your DevSecOps processes.
push:[ "testnet3" ]
branches:[ "testnet3" ]
schedule: every Tuesday

Check failure on line 50 in .github/workflows/apisec-scan.yml

GitHub Actions / .github/workflows/apisec-scan.yml

Invalid workflow file

You have an error in your yaml syntax on line 50
Allows you to run this workflow manually
from the Actions tab
workflow_dispatch:
permissions:
  contents: read
jobs:
  Trigger_APIsec_scan:
    permissions:
      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    runs-on: ubuntu-latest
    steps:
      - name: APIsec scan
        uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
        with:
          # The APIsec username with which the scans will be executed
          apisec-username:
            ${{ apetree100122 }}
          # The Password of the APIsec user with which the scans will be executed
          apisec-password:
            ${{ v=MK3Xo9Dbvac}}
          # The name of the project for security scan
          apisec-project: "VAmPI"
          # The name of the sarif format result file. The file is written only if this property is provided.
          sarif-result-file: "apisec-results.sarif"
      - name: Import results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ./apisec-results.sarif
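
As an added example (not the repository's own file and not APIsec's template), here is the same workflow with a valid `on:` block and the scan credentials read from encrypted repository secrets instead of being written into the file. The secret names `APISEC_USERNAME` and `APISEC_PASSWORD` and the 06:00 UTC time in the Tuesday cron expression are assumptions.

```yaml
name: APIsec

# Every trigger must sit under a single "on:" key; free text needs a leading "#".
on:
  push:
    branches: [ "testnet3" ]
  pull_request:
    branches: [ "testnet3" ]
  schedule:
    # "every Tuesday" as a cron expression (day-of-week 2); 06:00 UTC is an assumed time
    - cron: '0 6 * * 2'
  # Allows the workflow to be run manually from the Actions tab
  workflow_dispatch:

# Default token scope for all jobs: read-only access to repository contents
permissions:
  contents: read

jobs:
  Trigger_APIsec_scan:
    permissions:
      security-events: write # lets upload-sarif publish code scanning results
      actions: read          # needed by upload-sarif in private repositories
    runs-on: ubuntu-latest
    steps:
      - name: APIsec scan
        # Pinned to a full commit SHA so the third-party action cannot change underneath the workflow
        uses: apisec-inc/apisec-run-scan@025432089674a28ba8fb55f8ab06c10215e772ea
        with:
          # Assumed secret names; create them under Settings -> Secrets and variables -> Actions.
          # Secrets are masked in logs and are not passed to pull_request runs from forks.
          apisec-username: ${{ secrets.APISEC_USERNAME }}
          apisec-password: ${{ secrets.APISEC_PASSWORD }}
          apisec-project: "VAmPI"
          sarif-result-file: "apisec-results.sarif"
      - name: Import results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ./apisec-results.sarif
```

Any credential that was committed in plain text stays in the repository history, so rotate it in APIsec after moving it into a secret.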