Skip to content

apisec-inc/ethicalcheck-action

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits

README.md

README.md

 
 

action.yaml

action.yaml

 
 

pentest-script.sh

pentest-script.sh

 
 

Repository files navigation

APIsec EthicalCheck - Continuous API Security Testing

EthicalCheck addresses the critical need to continuously security test APIs in development and in production.

EthicalCheck provides the industry’s only free & automated API security testing service that uncovers security vulnerabilities using OWASP API list. Developers relies on EthicalCheck to evaluate every update and release, ensuring that no APIs go to production with exploitable vulnerabilities.

You develop the application and API, we bring complete and continuous security testing to you, accelerating development.

Know your API and Applications are secure with EthicalCheck – our free & automated API security testing service.

How EthicalCheck works?

EthicalCheck functions in the following simple steps.

Security Testing

Provide your OpenAPI specification or start with a public Postman collection URL. EthicalCheck instantly instrospects your API and creates a map of API endpoints for security testing.

It then automatically creates hundreds of security tests that are non-intrusive to comprehensively and completely test for authentication, authorizations, and OWASP bugs your API. The tests addresses the OWASP API Security categories including OAuth 2.0, JWT, Rate Limit etc.

Reporting

EthicalCheck generates security test report that includes all the tested endpoints, coverage graph, exceptions, and vulnerabilities. Vulnerabilities are fully triaged, it contains CVSS score, severity, endpoint information, and OWASP tagging.

Inputs

oas-url

Required The OpenAPI Specification URL or Swagger Path or Public Postman collection URL.

Example OpenAPI Specification URL: http://netbanking.apisec.ai:8080/v2/api-docs

Example Postman Collection URL: https://www.getpostman.com/collections/42d092251d3ae0bea4d4

Default value ""

email

Required The email address to which the penetration test report will be sent.

Default value ""

sarif-result-file

Optional The name of the sarif format result file. The file is written only if this property is provided.

Default value ""

Example (OpenAPI Spec)

- name: EthicalCheck - Free & Automated API Security Testing Service
  id: scan
  uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
  with:
    oas-url: http://netbanking.apisec.ai:8080/v2/api-docs
    email: xxx@apisec.ai

Example (Postman Collection)

- name: EthicalCheck - Free & Automated API Security Testing Service
  id: scan
  uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
  with:
    oas-url: https://www.getpostman.com/collections/42d092251d3ae0bea4d4
    email: xxx@apisec.ai

Upload results to GitHub - Code scanning alerts:

- name: EthicalCheck - Free & Automated API Security Testing Service
  id: scan
  uses: apisec-inc/ethicalcheck-action@005fac321dd843682b1af6b72f30caaf9952c641
  with:
    oas-url: http://netbanking.apisec.ai:8080/v2/api-docs
    email: xxx@apisec.ai
    sarif-result-file: "ethicalcheck-results.sarif"
    
- name: upload sarif file to repository
  uses: github/codeql-action/upload-sarif@v2
  with:
    sarif_file: ./ethicalcheck-results.sarif

About

This action triggers non-intrusive scan/playbooks against your APIs to find the vulnerabilities.

Topics

security penetration-testing

Resources

Readme
Activity
Custom properties

Stars

31 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases 9

Added SARIF Output support Latest
Oct 12, 2022
+ 8 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages