Merge pull request #385 from akash4sh/main #159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Run a Nexploit Scan
# This action runs a new security scan in Nexploit, or reruns an existing one.
# Build Secure Apps & APIs. Fast.
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
# Automatically Tests Every Aspect of Your Apps & APIs
# Scans any target, whether Web Apps, APIs (REST & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
# Seamlessly integrates with the Tools and Workflows You Already Use
#
# NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
# Spin-Up, Configure and Control Scans with Code
# One file. One command. One scan. No UI needed.
#
# Super-Fast Scans
#
# Interacts with applications and APIs, instead of just crawling them and guessing.
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
#
# No False Positives
#
# Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
#
# Comprehensive Security Testing
#
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
#
# More information is available on NeuraLegion’s:
# * [Website](https://www.neuralegion.com/)
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
#
# Inputs
#
# `name`
#
# **Required**. Scan name.
#
# _Example:_ `name: GitHub scan ${{ github.sha }}`
#
# `api_token`
#
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
#
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
#
# `restart_scan`
#
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
#
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ`
#
# `discovery_types`
#
# **Required**. Array of discovery types. The following types are available:
# * `archive` - uses an uploaded HAR-file for a scan
# * `crawler` - uses a crawler to define the attack surface for a scan
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
# If no discovery type is specified, `crawler` is applied by default.
#
# _Example:_
#
# ```yml
# discovery_types: |
#   [ "crawler", "archive" ]
# ```
#
# `file_id`
#
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
#
# _Example:_
#
# ```
# FILE_ID=$(nexploit-cli archive:upload \
#   --token ${{ secrets.NEXPLOIT_TOKEN }} \
#   --discard true \
#   ./example.har)
# ```
#
# `crawler_urls`
#
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
#
# _Example:_
#
# ```
# crawler_urls: |
#   [ "http://vulnerable-bank.com" ]
# ```
#
# `hosts_filter`
#
# **Required** when the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
#
# Outputs
#
# `url`
#
# URL of the resulting scan.
#
# `id`
#
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
#
# Example usage
#
# Start a new scan with parameters
#
# ```yml
# steps:
#   - name: Start Nexploit Scan
#     id: start
#     uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
#     with:
#       api_token: ${{ secrets.NEXPLOIT_TOKEN }}
#       name: GitHub scan ${{ github.sha }}
#       discovery_types: |
#         [ "crawler", "archive" ]
#       crawler_urls: |
#         [ "http://vulnerable-bank.com" ]
#       file_id: LiYknMYSdbSZbqgMaC9Sj
#       hosts_filter: |
#         [ ]
#   - name: Get the output scan url
#     run: echo "The scan was started on ${{ steps.start.outputs.url }}"
# ```
#
# Restart an existing scan
#
# ```yml
# steps:
#   - name: Start Nexploit Scan
#     id: start
#     uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
#     with:
#       api_token: ${{ secrets.NEXPLOIT_TOKEN }}
#       name: GitHub scan ${{ github.sha }}
#       restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
#   - name: Get the output scan url
#     run: echo "The scan was started on ${{ steps.start.outputs.url }}"
# ```
name: "NeuraLegion"

on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
  schedule:
    - cron: '30 0 * * 4'

jobs:
  neuralegion_scan:
    runs-on: ubuntu-18.04
    name: A job to run a Nexploit scan
    steps:
    - uses: actions/checkout@v2
    - name: Start Nexploit Scan 🏁
      id: start
      uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
      with:
        api_token: ${{ secrets.NEURALEGION_TOKEN }}
        name: GitHub scan ${{ github.sha }}
        discovery_types: |
          [ "crawler" ]
        crawler_urls: |
          [ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan
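The workflow above only exercises the `crawler` discovery type. The following is a complete workflow for the `archive` discovery type, tying together the `file_id`, `hosts_filter` and `nexploit-cli archive:upload` pieces that the comments document separately. It is an added example, not part of this file and not NeuraLegion's own documentation. It assumes the CLI is installable from npm as `@neuralegion/nexploit-cli`, that the runner provides the `$GITHUB_OUTPUT` file for passing the uploaded file ID between steps (current hosted runners do), and that a HAR recording is committed at `./recordings/checkout.har` (a constructed path). The `hosts_filter` values are constructed placeholders; their JSON-array form is taken from the empty `[ ]` example above.

```yaml
name: "NeuraLegion archive scan"

on:
  workflow_dispatch:   # run on demand rather than on every push

jobs:
  nexploit_archive_scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      # Assumption: the CLI is published on npm as @neuralegion/nexploit-cli.
      - name: Install nexploit-cli
        run: npm install -g @neuralegion/nexploit-cli

      # Upload the recorded HAR so the scan uses it as its attack surface.
      # --discard true mirrors the documented example above; the returned
      # file ID is exported as a step output so the scan step can consume it.
      - name: Upload HAR recording
        id: upload
        run: |
          FILE_ID=$(nexploit-cli archive:upload \
            --token "${{ secrets.NEXPLOIT_TOKEN }}" \
            --discard true \
            ./recordings/checkout.har)   # constructed path, replace with your own
          echo "file_id=${FILE_ID}" >> "$GITHUB_OUTPUT"

      - name: Start Nexploit Scan
        id: start
        uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
        with:
          api_token: ${{ secrets.NEXPLOIT_TOKEN }}
          name: HAR scan ${{ github.sha }}
          discovery_types: |
            [ "archive" ]
          file_id: ${{ steps.upload.outputs.file_id }}
          # Limit the scan to the hosts from the HAR that are in scope for this
          # test; the hostnames below are constructed placeholders.
          hosts_filter: |
            [ "shop.example.com", "api.example.com" ]

      - name: Report scan URL
        run: echo "Scan ${{ steps.start.outputs.id }} started at ${{ steps.start.outputs.url }}"
```

Because the HAR is uploaded in its own step, a failed upload stops the job before any scan is started, and the `id` output of the scan step can be handed to the Nexploit Wait for Issues or Stop Scan actions listed under Outputs. Keeping `hosts_filter` explicit rather than empty is the simplest way to ensure a recording that captured third-party hosts does not widen the scan beyond the application under test.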