| 1 | +# This workflow uses actions that are not certified by GitHub. |
| 2 | +# They are provided by a third-party and are governed by |
| 3 | +# separate terms of service, privacy policy, and support |
| 4 | +# documentation. |
| 5 | + |
| 6 | +# This workflow locates REST API file contracts (Swagger or OpenAPI format, v2 and v3, JSON and YAML) |
| 7 | +# and runs 300+ security checks on them using 42Crunch Security Audit technology to uncover |
| 8 | +# potential vulnerabilities related to authentication, authorization as well as data validation. |
| 9 | +# |
| 10 | +# Documentation is located here: https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm |
| 11 | +# |
| 12 | +# To use this workflow, you need a 42Crunch platform account. If you do not have one, you can contact us |
| 13 | +# from this page: https://42crunch.com/request-demo. |
| 14 | +# |
| 15 | +# 1. Follow steps at https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm |
| 16 | +# to create an API Token on the 42Crunch platform |
| 17 | +# |
| 18 | +# 2. Create an secret in GitHub as explained in https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm |
| 19 | +# and store the 42Crunch API Token in that secret. Expected default is API_TOKEN (see the api-token property in the task). |
| 20 | +# |
| 21 | +# If you have any questions or need help, open an issue at: https://support.42crunch.com. |
| 22 | + |
| 23 | +name: "42Crunch REST API Static Security Testing" |
| 24 | + |
| 25 | +# follow standard Code Scanning triggers |
| 26 | +on: |
| 27 | + push: |
| 28 | + branches: [ "Dev" ] |
| 29 | + pull_request: |
| 30 | + # The branches below must be a subset of the branches above |
| 31 | + branches: [ "main" ] |
| 32 | + schedule: |
| 33 | + - cron: '* * * * *' |
| 34 | + |
| 35 | +permissions: |
| 36 | + contents: read |
| 37 | + |
| 38 | +jobs: |
| 39 | + rest-api-static-security-testing: |
| 40 | + permissions: |
| 41 | + contents: read # for actions/checkout to fetch code |
| 42 | + security-events: write # for 42Crunch/api-security-audit-action to upload results to Github Code Scanning |
| 43 | + runs-on: any |
| 44 | + steps: |
| 45 | + - uses: actions/checkout@v3 |
| 46 | + |
| 47 | + - name: 42Crunch REST API Static Security Testing |
| 48 | + uses: 42Crunch/api-security-audit-action@fc01ea7a89e6268875868f9d89598af7a9899ae0 |
| 49 | + with: |
| 50 | + # Please create free account at https://platform.42crunch.com/register |
| 51 | + # Follow these steps to configure API_TOKEN https://docs.42crunch.com/latest/content/tasks/integrate_github_actions.htm |
| 52 | + api-token: ${{ secrets.API_TOKEN }} |
| 53 | + # Fail if any OpenAPI file scores lower than 75 |
| 54 | + min-score: 75 |
| 55 | + # Upload results to Github code scanning |
| 56 | + upload-to-code-scanning: true |
| 57 | + # Github token for uploading the results |
| 58 | + github-token: ${{ github.token }} |
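Review bot: `runs-on: any` (file line 43) is not a GitHub-hosted runner label, so the job will sit queued waiting for a self-hosted runner carrying that label and the audit never actually executes; use `runs-on: ubuntu-latest` or a label your self-hosted runners really expose. The schedule `cron: '* * * * *'` (file line 33) asks for a run every minute, which GitHub does not honour (the floor is every 5 minutes) and would burn runner minutes and 42Crunch quota without any new code to audit; a weekly slot such as `- cron: '30 2 * * 1'` (example value) matches the "standard Code Scanning triggers" intent stated in the comment. The push trigger targets `Dev` while the pull_request trigger targets `main`, which contradicts the comment on file line 30 that the PR branches must be a subset of the push branches and means PRs into `main` are audited but pushes to `main` are not. `actions/checkout@v3` is a floating tag whereas the 42Crunch action is pinned to a full commit SHA; pin checkout to a SHA as well so the supply-chain posture of the two steps is consistent.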