-
Notifications
You must be signed in to change notification settings - Fork 68
/
action.yml
56 lines (45 loc) · 1.58 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: 'OWASP OFFAT CICD Scanner'
description: 'Autonomously assesses your API for prevalent vulnerabilities in CICD pipelines'
branding:
icon: shield
color: blue
inputs:
file:
description: 'path or url of openapi/swagger specification file'
required: true
rate_limit:
description: 'API requests rate limit per second. default: 60'
required: false
default: '60'
artifact_retention_days:
description: 'artifact retention period in days. default: 2'
required: false
default: '2'
runs:
using: composite
steps:
- name: Setup Python 3.12
uses: actions/[email protected]
with:
python-version: '3.12'
- name: Install OFFAT
run: pip install -U offat
shell: bash
- name: Run Scanner
env:
scanner_file: ${{ inputs.file }}
scanner_rate_limit: ${{ inputs.rate_limit }}
run: |
mkdir -p ./offat-tmp/
offat --file $scanner_file --rate-limit $scanner_rate_limit -of json -o ./offat-tmp/results.json --capture-failed -H 'User-Agent: github-action-offat'
shell: bash
- name: Upload Scan Results to Artifacts
uses: actions/upload-artifact@v4
with:
name: offat-results.json
path: ./offat-tmp/results.json
retention-days: ${{ inputs.artifact_retention_days }}
# retention period docs: https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy
- name: CleanUp
run: rm -rf ./offat-tmp/
shell: bash