saving work #5

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

	name: 'Mayhem for API'
	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	workflow_dispatch:
	schedule:
	- cron: '0 2 * * *' # run at 2 AM UTC

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: actions/checkout@v3

	# Create environment to run API
	- name: Set up Node
	uses: actions/setup-node@v3
	with:
	node-version: 18

	- name: Install dependencies
	run: npm install

	# Run API in test mode. We configured test mode to output stacktraces in
	# the error responses to improve the output of Mayhem for API.
	- name: Run API
	env:
	FASTAPI_ENV: test
	run: npx nyc node app.js &

	# Run Mayhem for API
	- name: Run Mayhem for API to check for vulnerabilities
	uses: ForAllSecure/mapi-action@v2
	continue-on-error: true
	with:
	mayhem-url: https://app.mayhem.security
	mayhem-token: ${{ secrets.MAYHEM_TOKEN }}
	api-url: http://localhost:3000
	api-spec: openapi.yaml
	sarif-report: mapi.sarif
	html-report: mapi.html
	target: forallsecure-demo/mapi-node-example/node

	# Kill python if it's still running, ignoring any errors
	- name: Shut down API
	run: pgrep node \| xargs kill \|\| true; sleep 5

	- name: Generate coverage
	run: npx nyc report --reporter=lcov

	- name: Upload Mayhem coverage to Codecov
	uses: codecov/codecov-action@v3
	with:
	name: mayhem
	files: coverage/lcov.info
	flags: vulnerability-tests
	fail_ci_if_error: true

	# Archive HTML report
	- name: Archive Mayhem for API report
	uses: actions/upload-artifact@v3
	with:
	name: mapi-report
	path: mapi.html

	# Upload SARIF file (only available on public repos or github enterprise)
	- name: Upload SARIF file
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: mapi.sarif

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

saving work #5

Workflow file

saving work #5

Jobs

Run details

Workflow file for this run