diff --git a/README.md b/README.md index b2951fd..c322d68 100644 --- a/README.md +++ b/README.md 
@@ -14,22 +14,26 @@ Traceable’s GitHub action can be used to continuously test your software build ## Getting started with Traceable AST action ### Understanding the inputs -| **Input** | **Description** | -| ------------------- |--------------------------------------------------------------------| -| step\_name | Scan action: init/ run/ init and run/ stop. | -| scan\_name | Name of the scan | -| client\_scan\_token | Access token from platform | -| cli\_version | Version of CLI you want to use for AST. Current one is 1.0.0-rc.3. | -| traffic\_env | Environment from where AST should observe traffic. | -| plugins | List of plugins you want to run the AST scan for. | -| include\_url\_regex | Include URL patterns to test. | -| exclude\_url\_regex | exclude URL patterns from scan. | -| target\_url | Target URL for the tests. | -| traceable\_server | URL for traceable server, not applicable for SaaS customers. | -| idle\_timeout | Scan timeout for a scan when it goes in IDLE state. | -| scan\_timeout | Scan timeout in general. | -| reference\_env | Reference environment from where AST should pick up the API specs. | -| max\_retries | Max retries for the scan after failure. | +| **Input** | **Description** | +|---------------------------------|-------------------------------------------------------------------------------| +| step\_name | Scan action: init/ run/ init and run/ stop. | +| scan\_name | Name of the scan | +| client\_scan\_token | Access token from platform | +| cli\_version | Version of CLI you want to use for AST. Current one is 1.0.0-rc.3. | +| traffic\_env | Environment from where AST should observe traffic. | +| plugins | List of plugins you want to run the AST scan for. | +| include\_url\_regex | Include URL patterns to test. | +| exclude\_url\_regex | exclude URL patterns from scan. | +| target\_url | Target URL for the tests. | +| traceable\_server | URL for traceable server, not applicable for SaaS customers. 
| +| idle\_timeout | Scan timeout for a scan when it goes in IDLE state. | +| scan\_timeout | Scan timeout in general. | +| reference\_env | Reference environment from where AST should pick up the API specs. | +| max\_retries | Max retries for the scan after failure. | +| scan\_suite | AST suite name as defined on the Traceable.ai platform. | +| graphql\_schema\_ids | Comma separated GraphQl schema IDs uploaded on Traceable.ai platform. | +| graphql\_schema\_files | Comma separated GraphQl SDL file paths. | +| graphql\_introspection\_enabled | Enables extracting the GraphQl Schema by running introspection on target-url. | ### Sample GitHub Action workflow diff --git a/action.yml b/action.yml index 671cff2..39630ad 100644 --- a/action.yml +++ b/action.yml @@ -145,7 +145,22 @@ inputs: required: false description: 'Output stream/file for traceable cli logs' default: 'NULL' - + scan_suite: + required: false + description: 'AST suite name as defined on the Traceable.ai platform' + default: 'NULL' + graphql_schema_ids: + required: false + description: 'Comma separated GraphQl schema IDs uploaded on Traceable.ai platform' + default: 'NULL' + graphql_schema_files: + required: false + description: 'Comma separated GraphQl SDL file paths' + default: 'NULL' + graphql_introspection_enabled: + required: false + description: 'Enables extracting the GraphQl Schema by running introspection on target-url' + default: 'false' runs: using: composite steps: 
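Review bot: `graphql_introspection_enabled` is the only one of the four new inputs whose default is not the `'NULL'` sentinel, so — going by the `[ "$option" = "NULL" ]` test in the later `run:` hunks — it is forwarded as `--graphql-introspection-enabled false` on every run, whereas `scan_suite`, `graphql_schema_ids` and `graphql_schema_files` are dropped when unset. If the CLI treats an absent flag as disabled, `default: 'NULL'` keeps the four consistent; if the explicit `false` is deliberate, a short comment on the input saying so would save the next reader the same question. Nothing constrains the value to `true`/`false`, so whatever string a workflow passes reaches the CLI unchanged. Minor style point: the descriptions write `GraphQl`; the conventional spelling is `GraphQL`.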
@@ -196,11 +211,11 @@ runs: traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable scanInitCmd=$traceableCliBinaryLocation' ast scan initAndRun' - optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--logfile' '--agent-logfile' '--proxy-logfile') + optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--idle-timeout' '--scan-timeout' ' --reference-env' '--max-retries' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--postman-collection' '--postman-environment' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--logfile' '--agent-logfile' '--proxy-logfile' '--scan-suite' '--graphql-schema-ids' '--graphql-schema-files' '--graphql-introspection-enabled') #Iterating the options available from options array and filling them with the arguments received in order iterator=0 - for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ 
inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.logfile }}' '${{ inputs.agent_logfile }}' '${{ inputs.proxy_logfile }}' + for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.idle_timeout }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.max_retries }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.postman_collection }}' '${{ inputs.postman_environment }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.logfile }}' '${{ inputs.agent_logfile }}' '${{ inputs.proxy_logfile }}' '${{ inputs.scan_suite }}' '${{ inputs.graphql_schema_ids }}' '${{ inputs.graphql_schema_files }}' '${{ inputs.graphql_introspection_enabled }}' do if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] then 
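Review bot: The four words `'${{ inputs.scan_suite }}' … '${{ inputs.graphql_introspection_enabled }}'` appended to the `for option in` list are expanded into the script text before bash parses it, so an input value containing a single quote terminates the literal and the rest is read as shell; `graphql_schema_files` and `graphql_schema_ids` accept free-form comma-separated text, which makes them the most exposed of the additions, though every existing entry in the list follows the same pattern. The usual mitigation is to bind each input to a step-level `env:` entry and loop over `"$INPUT_GRAPHQL_SCHEMA_FILES"` etc., so the value is data rather than source, as sketched below for the four new inputs. The new `optionsArr` line also carries over `' --reference-env'` with a leading space inside the quotes; whether that reaches the CLI intact depends on how `scanInitCmd` is assembled after this hunk, which is not visible here. The init-step hunk at `@@ -248,11 +263,11 @@` makes the same four additions and has the same issue. The `run:` script containing this loop begins and ends outside the hunk.
```yaml
        env:
          INPUT_SCAN_SUITE: ${{ inputs.scan_suite }}
          INPUT_GRAPHQL_SCHEMA_IDS: ${{ inputs.graphql_schema_ids }}
          INPUT_GRAPHQL_SCHEMA_FILES: ${{ inputs.graphql_schema_files }}
          INPUT_GRAPHQL_INTROSPECTION_ENABLED: ${{ inputs.graphql_introspection_enabled }}
        run: |
          # … unchanged: traceableCliBinaryLocation, scanInitCmd, optionsArr, iterator=0 …
          # … unchanged: existing '${{ inputs.* }}' words of the for-list; the four new words become …
          #   "$INPUT_SCAN_SUITE" "$INPUT_GRAPHQL_SCHEMA_IDS" "$INPUT_GRAPHQL_SCHEMA_FILES" "$INPUT_GRAPHQL_INTROSPECTION_ENABLED"
```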
@@ -248,11 +263,11 @@ runs: traceableCliBinaryLocation=${GITHUB_WORKSPACE}/traceable scanInitCmd=$traceableCliBinaryLocation' ast scan init ' - optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--scan-timeout' ' --reference-env' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel') + optionsArr=('--scan-name' '--traffic-env' '--token' '--plugins' '--include-url-regex' '--exclude-url-regex' '--target-url' '--traceable-server' '--scan-timeout' ' --reference-env' '--openapi-spec-ids' '--openapi-spec-files' '--policy' '--include-endpoint-labels' '--exclude-endpoint-labels' '--include-endpoint-with-owner-attributes' '--include-endpoint-owners' '--loglevel' '--scan-suite' '--graphql-schema-ids' '--graphql-schema-files' '--graphql-introspection-enabled') #Iterating the options available from options array and filling them with the arguments received in order iterator=0 - for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout }}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' + for option in '${{ inputs.scan_name }}' '${{ inputs.traffic_env }}' '${{ inputs.client_scan_token }}' '${{ inputs.plugins }}' '${{ inputs.include_url_regex }}' '${{ inputs.exclude_url_regex }}' '${{ inputs.target_url }}' '${{ inputs.traceable_server }}' '${{ inputs.scan_timeout 
}}' '${{ inputs.reference_env }}' '${{ inputs.openapi_spec_ids }}' '${{ inputs.openapi_spec_files }}' '${{ inputs.policy }}' '${{ inputs.include_endpoint_labels}}' '${{ inputs.exclude_endpoint_labels }}' '${{ inputs.include_endpoint_with_owner_attributes }}' '${{ inputs.include_endpoint_owners }}' '${{ inputs.log_level }}' '${{ inputs.scan_suite }}' '${{ inputs.graphql_schema_ids }}' '${{ inputs.graphql_schema_files }}' '${{ inputs.graphql_introspection_enabled }}' do if [ -z "$option" ] || [ "$option" = "''" ] || [ "$option" = "NULL" ] then