
How to Integrate Mayhem for API Into Your CircleCI Pipeline
If you are using CircleCI for your build pipelines, you can now scan your APIs by adding our official orb. This orb downloads the latest version of Mayhem and scans your API. Failures are recorded as JUnit results, which can be stored in CircleCI using the `store_test_results` step.
We recommend using this to ensure no security vulnerabilities or crashes are present before merging code into your default branch.
Adding the Mayhem for API Orb
```yaml
version: 2.1
orbs:
  mapi: forallsecure/[email protected]
```
Create a new job that starts your service, then call the `mapi/scan` command to run Mayhem against it.
```yaml
jobs:
  mayhem-for-api:
    machine:
      image: ubuntu-2204:2022.07.1
    steps:
      # Start your service
      - run:
          command: start-service.sh &
      # Scan your API with Mayhem for API
      - mapi/scan:
          api-url: "http://localhost:8000"
          api-spec: "https://demo-api.mayhem4api.forallsecure.com/api/v3/openapi.json"
      - store_artifacts:
          path: /tmp/mapi
      - store_test_results:
          path: /tmp/mapi/junit.xml
```
Then add the new job to your workflow.
```yaml
workflows:
  tests-and-security:
    jobs:
      - mayhem-for-api
```
Mayhem will now fuzz your API, report failures as test results, and ensure your code is and remains secure.
You can find more documentation on Mayhem continuous integration here.
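To triage what the scan recorded before a merge, the report stored at `/tmp/mapi/junit.xml` can be summarized per endpoint. The script below is an added example, not code from the original post or from ForAllSecure. It assumes the report follows the common JUnit XML layout (`testcase` elements with `failure` or `error` children); the function names and the sample report are constructed for illustration.

```python
# Gate a CI job on a JUnit report such as /tmp/mapi/junit.xml.
# Added example. Assumes the common JUnit XML layout (testcase elements with
# failure/error children); the post does not specify the report schema.
import sys
import xml.etree.ElementTree as ET

# Constructed sample report (not real Mayhem output).
SAMPLE_REPORT = """<testsuites>
  <testsuite name="constructed-suite" tests="3">
    <testcase classname="GET /pets" name="constructed-pass"/>
    <testcase classname="POST /pets" name="constructed-500">
      <failure type="InternalServerError" message="server returned 500"/>
    </testcase>
    <testcase classname="GET /pets/{id}" name="constructed-timeout">
      <error type="Timeout" message="no response"/>
    </testcase>
  </testsuite>
</testsuites>
"""

def collect_findings(xml_data):
    """Return one dict per <failure>/<error> found under any <testcase>."""
    root = ET.fromstring(xml_data)
    findings = []
    # iter() handles both a <testsuites> root and a bare <testsuite> root.
    for case in root.iter("testcase"):
        for node in case:
            if node.tag in ("failure", "error"):
                findings.append({
                    "kind": node.tag,
                    "target": case.get("classname", ""),
                    "name": case.get("name", ""),
                    "type": node.get("type", ""),
                    "message": node.get("message", ""),
                })
    return findings

def gate(xml_data, out=sys.stderr):
    """Print each finding and return an exit code: 0 clean, 1 otherwise."""
    findings = collect_findings(xml_data)
    for f in findings:
        print(f"[{f['kind']}] {f['target']} ({f['name']}): "
              f"{f['type']}: {f['message']}", file=out)
    return 1 if findings else 0

if __name__ == "__main__":
    # Pass the report path as argv[1]; without it the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data))
```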
*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by James Kessler. Read the original post at: https://forallsecure.com/blog/how-to-integrate-mayhem-for-api-into-your-circleci-pipeline