The central tool to develop software as a team is a Source Code Management system like GitHub. This is where developers manage changes to their code: creating Pull Requests, discussing their changes with their team, and ensuring the pipelines are green. An additional Github feature that has proven useful to developers is GitHub Code Scanning. GitHub code Scanning became widely available in September of 2020 and allows developers to easily identify vulnerabilities in code prior to production. GitHub Actions are automatically integrated with Code Scanning allowing teams to automate workflows and scan code as it’s produced.
One of Mayhem for API’s guiding principles is to seamlessly integrate into existing developer ecosystems. We integrated Mayhem for API with GitHub from Day 1. For instance, you can sign up to our service with your GitHub account. Our GitHub App enables Mayhem for API to add GitHub Checks directly in your Pull Request.
GitHub Code Scanning Integration for API Testing
To enhance the capabilities of Code Scanning, we’re announcing that Mayhem for API is now natively integrated with GitHub Code Scanning. This integration will help developers and teams keep their APIs reliable, fast, and secure without slowing down their productivity. We are releasing a GitHub Action that integrates with GitHub Code Scanning, and enables Mayhem for API to be effortlessly added to your GitHub workflows. Not using GitHub Actions? Our CLI allows you to upload findings to GitHub Code Scanning from any CI! You can even upload findings to an on-premise Enterprise GitHub instance.
With the launch of GitHub code scanning support, we’re happy to further embed our results where you want them: in your PRs before your changes get deployed to production.
Mayhem for API issue, in your PR
Mayhem for API results are converted into GitHub code scanning alerts, allowing you to manage the findings and see their history:
By clicking on the details of a finding, developers will get helpful information to fix the issue, including the HTTP request that triggered the issue, as well as the response generated by the API. In addition, Mayhem for API provides clear remediation advice to help you understand and fix the issue without delay.
If you want to give it a shot, sign up for our free 30-day trial and checkout our github action: https://github.com/ForAllSecure/mapi-action. We’d love to hear about your experience, so please reach out to [email protected] with any thoughts and feedback!
*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by Alex Rebert. Read the original post at: https://forallsecure.com/blog/test/github-code-scanning-integration-with-mayhem-for-api