Skip to content

Commit

Permalink
Merge pull request #81 from OWASP/dev
Browse files Browse the repository at this point in the history
Dev Release: v0.17.2 Publish Github Action
  • Loading branch information
dmdhrumilmistry authored Apr 19, 2024
2 parents 73f61e6 + fe00857 commit b06914b
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 2 deletions.
56 changes: 56 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
name: 'OWASP OFFAT CICD Scanner'
description: 'Autonomously assesses your API for prevalent vulnerabilities in CICD pipelines'
branding:
icon: shield
color: blue

inputs:
file:
description: 'path or url of openapi/swagger specification file'
required: true

rate_limit:
description: 'API requests rate limit per second. default: 60'
required: false
default: '60'

artifact_retention_days:
description: 'artifact retention period in days. default: 2'
required: false
default: '2'

runs:
using: composite
steps:
- name: Setup Python 3.12
uses: actions/[email protected]
with:
python-version: '3.12'

- name: Install OFFAT
run: pip install -U offat
shell: bash

- name: Run Scanner
env:
scanner_file: ${{ inputs.file }}
scanner_rate_limit: ${{ inputs.rate_limit }}

run: |
mkdir -p ./offat-tmp/
offat --file $scanner_file --rate-limit $scanner_rate_limit -of json -o ./offat-tmp/results.json --capture-failed -H 'User-Agent: github-action-offat'
shell: bash

- name: Upload Scan Results to Artifacts
uses: actions/upload-artifact@v4
with:
name: offat-results.json
path: ./offat-tmp/results.json
retention-days: ${{ inputs.artifact_retention_days }}
# retention period docs: https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy

- name: CleanUp
run: rm -rf ./offat-tmp/
shell: bash


2 changes: 1 addition & 1 deletion src/offat/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ def start():
'--output',
dest='output_file',
type=str,
help='path to store test results in specified format. Default format is html',
help='path to store test results',
required=False,
default=None,
)
Expand Down
2 changes: 1 addition & 1 deletion src/pyproject.toml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[tool.poetry]
name = "offat"
version = "0.17.1"
version = "0.17.2"
description = "Offensive API tester tool automates checks for common API vulnerabilities"
authors = ["Dhrumil Mistry <[email protected]>"]
license = "MIT"
Expand Down

0 comments on commit b06914b

Please sign in to comment.