GitHub Action
VulnAPI Action
VulnAPI is an Open-Source DAST designed to help you scan your APIs for common security vulnerabilities and weaknesses.
By using this tool, you can detect and mitigate security vulnerabilities in your APIs before they are exploited by attackers.
Use this action to scan your project for vulnerabilities with VulnAPI.
All the vulnerabilities detected by the project are listed at this URL: API Vulnerabilities Detected.
More vulnerabilities and best practices will be added in future releases. If you have any suggestions or requests for additional vulnerabilities or best practices to be included, please feel free to open an issue or submit a pull request.
name: VulnAPI
on: [push]
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: VulnAPI
uses: cerberauth/vulnapi-action@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
curl:
'curl http://localhost:8080 -H "Authorization: Bearer eyJhbGci..."'| Name | Required | Description | Default |
|---|---|---|---|
| version | false | The version of the file to scan. | latest |
| Name | Required | Description | Default |
|---|---|---|---|
| curl | false | The curl command to scan. |
| Name | Required | Description | Default |
|---|---|---|---|
| openapi | false | The OpenAPI file location (path or URL) |
Scan results are output to the console.
This scanner is provided for educational and informational purposes only. It should not be used for malicious purposes or to attack any system without proper authorization. Always respect the security and privacy of others.
This repository is licensed under the MIT License @ CerberAuth.