cerberauth/vulnapi-action

VulnAPI: An API Security Vulnerability Scanner

VulnAPI is an Open-Source DAST designed to help you scan your APIs for common security vulnerabilities and weaknesses.

By using this tool, you can detect and mitigate security vulnerabilities in your APIs before they are exploited by attackers.

Use this action to scan your project for vulnerabilities with VulnAPI.

Vulnerabilities Detected

All the vulnerabilities the project can detect are listed on the project's API Vulnerabilities Detected page.

More vulnerabilities and best practices will be added in future releases. If you have any suggestions or requests for additional vulnerabilities or best practices to be included, please feel free to open an issue or submit a pull request.

Example usage

Using OpenAPI

name: Scan for API vulnerabilities

on: [push]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          openapi: 'openapi.yaml'

Using Curl

name: Scan for API vulnerabilities

on: [push]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          curl:
            'curl http://localhost:8080 -H "Authorization: Bearer eyJhbGci..."'
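The two workflows above assume something is already listening on http://localhost:8080 and embed a bearer token directly in the workflow file. The following is an added example, not part of the vulnapi-action README, that makes the target reachable and keeps the token out of the repository. It assumes (not from the page) that the API under test ships as a container image named ghcr.io/example/my-api:latest, listens on port 8080, serves its OpenAPI document at /openapi.json, and that its bearer token is stored in a repository secret called API_TOKEN; the rateLimit and severityThreshold values are illustrative. Every key under with: is an input documented in the Inputs section below.

```yaml
# Added example (not the project's own workflow).
# Assumed names: ghcr.io/example/my-api:latest, /openapi.json, secrets.API_TOKEN.
name: Scan for API vulnerabilities

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  dast:
    runs-on: ubuntu-latest

    # Run the API as a job service container so that http://localhost:8080 is
    # actually reachable from the runner; a bare localhost target otherwise
    # fails because nothing is listening there.
    services:
      api:
        image: ghcr.io/example/my-api:latest   # assumed image name
        ports:
          - 8080:8080

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Service containers start asynchronously; poll the spec endpoint
      # (assumed path) before scanning so the scan does not run against a
      # half-started API and report spurious connection failures.
      - name: Wait for the API to be ready
        run: |
          for i in $(seq 1 30); do
            if curl -fsS http://localhost:8080/openapi.json >/dev/null; then
              exit 0
            fi
            sleep 2
          done
          echo "API did not become ready in time" >&2
          exit 1

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Authenticated scan: the token comes from a repository secret
          # (masked in logs) instead of being committed in the workflow.
          curl: 'curl http://localhost:8080 -H "Authorization: Bearer ${{ secrets.API_TOKEN }}"'
          # Throttle below the action's 10/s default so the scan does not
          # trip the API's own rate limiting (format as in the inputs table).
          rateLimit: '5/s'
          # Fail the job only for findings at or above this severity
          # (scale as described for severityThreshold in the inputs table).
          severityThreshold: '7'
```

If the API cannot run as a container, the same readiness loop works against a server started in the background in an earlier run step. The scan runs only on the main branch and on pull requests here rather than on every push, which keeps an authenticated DAST pass from hammering the API for every work-in-progress commit.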

Inputs

General

| Name | Required | Description | Default |
|---|---|---|---|
| version | false | The VulnAPI version to use. | latest |

Curl Scan Options

| Name | Required | Description | Default |
|---|---|---|---|
| curl | false | The curl command to scan (target URL plus any headers, such as an Authorization header). | |

OpenAPI Scan Options

| Name | Required | Description | Default |
|---|---|---|---|
| openapi | false | The OpenAPI file location (path or URL). | |

VulnAPI Supported Flags

| Name | Required | Description | Default |
|---|---|---|---|
| scans | false | The scans to run. | all |
| excludeScans | false | The scans to exclude. | |
| rateLimit | false | The request rate limit applied while running the scans. | 10/s |
| proxy | false | The proxy server to route scan traffic through. | |
| severityThreshold | false | The minimum finding severity at which the action fails the job. | 0 |

Outputs

Scan results are output to the console.

Disclaimer

This scanner is provided for informational purposes only. It should not be used for malicious purposes or to attack any system without proper authorization. Always respect the security and privacy of others.

Telemetry

VulnAPI collects fully anonymized usage data to help improve the tool. This data is not shared with third parties. You can opt-out of telemetry by setting the telemetry option to false.

License

This repository is licensed under the MIT License @ CerberAuth.