Mayhem for API ❤️ GitHub: Seamless DevSecOps for your REST APIs

Alex Rebert

April 13, 2021

The central tool to develop software as a team is a Source Code Management system like GitHub. This is where developers manage changes to their code: creating Pull Requests, discussing their changes with their team, and ensuring the pipelines are green.

GitHub Code Scanning integration with Mayhem for API

One of Mayhem for API’s guiding principles is to seamlessly integrate into existing developer ecosystems. We integrated Mayhem for API with GitHub from Day 1. For instance, you can sign up to our service with your GitHub account. Our GitHub App enables Mayhem for API to add GitHub Checks directly in your Pull Request.

Today, we’re announcing that Mayhem for API is natively integrated with GitHub Code Scanning to help developers and teams keep their APIs reliable, fast, and secure without slowing down their productivity. We are releasing a GitHub Action that integrates with GitHub Code Scanning. Thanks to that action, Mayhem for API can be effortlessly added to your GitHub workflows. Not using GitHub Actions? Our CLI allows you to upload findings to GitHub Code Scanning from any CI! You can even upload findings to an on-premise Enterprise GitHub instance.

With the launch of GitHub code scanning support, we’re happy to further embed our results where you want them: in your PRs before your changes get deployed to production.

Testing APIs through GitHub Code Scanning

Mayhem for API issue, in your PR

Mayhem for API results are converted into GitHub code scanning alerts, allowing you to manage the findings and see their history:

Mayhem for API results show as GitHub code scanning alerts

By clicking on the details of a finding, developers will get helpful information to fix the issue, including the HTTP request that triggered the issue, as well as the response generated by the API. In addition, Mayhem for API provides clear remediation advice to help you understand and fix the issue without delay.

If you want to give it a shot, sign up for our free 30-day trial and check out our GitHub Action: https://github.com/ForAllSecure/mapi-action. We’d love to hear about your experience, so please reach out to [email protected] with any thoughts and feedback!


*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by Alex Rebert. Read the original post at: https://forallsecure.com/blog/github-code-scanning-integration-with-mayhem-for-api