mapi-action/action.yml at main · ForAllSecure/mapi-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: 'Mayhem for API'
description: 'Automatically test your REST APIs with your OpenAPI specs and Postman collections'
author: 'ForAllSecure'
inputs:
  mayhem-token:
    description: Mayhem token
  api-url:
    description: URL pointing to your running API you started before calling this action (don't fuzz your production API!)
    required: true
  api-spec:
    description: Path to your Swagger 2.0 or OpenAPI 3.0 specification, or your Postman collection. Can be a URL.
    required: true
  target:
    description: The organization-scoped name of your target, such as example/my-test-target. Auto-generated from your GitHub Repository name if unspecified.
  zap-api-scan:
    description: Include results from ZAP - API Scan. This run ZAP - API Scan and merge the results with your Mayhem for API results.
    default: 'false'
  duration:
    description: Scan duration
    default: auto
  sarif-report:
    description: SARIF output path. You can upload it to GitHub using the 'github/codeql-action/upload-sarif@v1' action
  html-report:
    description: HTML output path. You can upload the artifact to GitHub using the 'actions/upload-artifact@v4' action
  experimental-rewrite-plugin:
    description: --experimental-rewrite-plugin option value
  experimental-classify-plugin:
    description: --experimental-classify-plugin option value
  github-token:
    description: github token for posting feedback
    required: false
    default: ${{ github.token }}
  run-args:
    description: A list of additional arguments (separated by '\n') to include in the call to 'mapi run'. Run 'mapi run --help' for a complete list of arguments.
  mayhem-url:
    description: "Mayhem API override. | https://app.mayhem.security"
runs:
  using: 'node20'
  main: 'dist/index.js'
branding:
  icon: 'shield'
  color: 'red'
permissions: write-all