Skip to content

Latest commit

 

History

History
172 lines (131 loc) · 3.91 KB

README.adoc

File metadata and controls

172 lines (131 loc) · 3.91 KB

CloudBees action: Scan with StackHawk

Use this action to scan a web application with the StackHawk dynamic application security testing (DAST) scanner.

Inputs

Table 1. Input details
Input name Data type Required? Description

token

String

Yes

The StackHawk token.

app-id

String

Yes

The StackHawk application ID.

environment

String

Yes

The application environment name.

auth-type

String

Yes

The authorization type. Supported types are:

  • None ("noauth")

  • Username/password ("UsernamePasswordAuth")

  • Auth0 ("auth0")

paths

String

Yes

The application paths to scan.

test-path

String

Yes

The file path to comparison test, which contains known security vulnerabilities.

url

String

Yes

The application URL.

app-username-form-field-name

String

Required only if auth-type: "UsernamePasswordAuth".

The form field name of the application username.

app-password-form-field-name

String

Required only if auth-type: "UsernamePasswordAuth".

The form field name of the application password.

app-username

String

Required only if auth-type: "UsernamePasswordAuth".

The application username.

app-password

String

Required only if auth-type: "UsernamePasswordAuth".

The application password.

domain

String

Required only if auth-type: "auth0".

The StackHawk domain.

client-id

String

Required only if auth-type: "auth0".

The StackHawk client ID.

client-secret

String

Required only if auth-type: "auth0".

The StackHawk client secret.

Usage examples

The following display an example of each authorization type in use.

No authorization

In the case of auth-type: "noauth":

      - name: Scan with StackHawk noauth
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN }}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "noauth"
          paths: "/components1,/components2"
          test-path: "/component-test"
          url: "https://example.com"

Username/password authorization

In the case of auth-type: "UsernamePasswordAuth":

      - name: Scan with StackHawk user passwd
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN}}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "UsernamePasswordAuth"
          paths: "/index.jsp?content=personal.htm"
          test-path: "/index.jsp?content=personal.htm"
          url: "https://demo.testfire.net"
          app-username-form-field-name: "uid"
          app-password-form-field-name: "passw"
          app-username: "admin"
          app-password: ${{ secrets.STACKHAWK_PASSWORD }}

Auth0 authorization

In the case of auth-type: "auth0":

      - name: Scan with StackHawk auth0
        uses: cloudbees-io/stackhawk-dast-scan-environment@v1
        with:
          token: ${{ secrets.STACKHAWK_TOKEN }}
          app-id: "your-application-id"
          environment: "Development"
          auth-type: "auth0"
          paths: "/dashboard,/organisations,/standards"
          test-path: "/components"
          url: "https://example.com"
          domain: "https://cbcdev.eu.auth0.com"
          client-id: ${{ secrets.STACKHAWK_CLIENT_ID }}
          client-secret: ${{ secrets.STACKHAWK_CLIENT_SECRET }}

License

This code is made available under the MIT license.

References