{"id":13533128,"url":"https://github.com/akto-api-security/akto","last_synced_at":"2026-05-30T07:02:53.851Z","repository":{"id":65859259,"uuid":"595526110","full_name":"akto-api-security/akto","owner":"akto-api-security","description":"Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure","archived":false,"fork":false,"pushed_at":"2026-05-23T09:09:11.000Z","size":365718,"stargazers_count":1476,"open_issues_count":291,"forks_count":283,"subscribers_count":17,"default_branch":"master","last_synced_at":"2026-05-23T11:37:12.117Z","etag":null,"topics":["api-discovery","api-security","api-security-posture","api-security-testing","api-testing","authentication","authorization","devsecops","devsecops-pipeline","hacktoberfest","hacktoberfest2023","idor","owasp-top-10","security","security-testing","sensitive-data-exposure","threat-detection"],"latest_commit_sha":null,"homepage":"https://www.akto.io/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/akto-api-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-01-31T09:07:07.000Z","updated_at":"2026-05-22T14:23:58.000Z","dependencies_parsed_at":"2026-04-06T09:02:55.029Z","dependency_job_id":"6824377d-64d4-467b-b1e3-3a978f38c84f","html_url":"https://github.com/akto-api-security/akto","commit_stats":null,"previous_names":[],"tags_count":1482,"template":false,"template_full_name":null,"purl":"pkg:github/akto-api-security/akto","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akto-api-security%2Fakto","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akto-api-security%2Fakto/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akto-api-security%2Fakto/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akto-api-security%2Fakto/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/akto-api-security","download_url":"https://codeload.github.com/akto-api-security/akto/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akto-api-security%2Fakto/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33682998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-discovery","api-security","api-security-posture","api-security-testing","api-testing","authentication","authorization","devsecops","devsecops-pipeline","hacktoberfest","hacktoberfest2023","idor","owasp-top-10","security","security-testing","sensitive-data-exposure","threat-detection"],"created_at":"2024-08-01T07:01:16.813Z","updated_at":"2026-05-30T07:02:53.834Z","avatar_url":"https://github.com/akto-api-security.png","language":"Java","funding_links":[],"categories":["DAST","Tools","安全","Java","security"],"sub_categories":[],"readme":"\u003ca href=\"https://artifacthub.io/packages/search?repo=akto\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/akto\"/\u003e\n\u003c/a\u003e  \n\n\n\u003ca href=\"https://www.akto.io/blog/akto-takes-center-stage-at-black-hat-2023-in-las-vegas\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Black_Hat_Arsenal-USA_2023-blue?style=square\"/\u003e\n\u003c/a\u003e  \n\n\n\u003ca href=\"https://www.akto.io/blog/akto-presentation-at-defcon-2023-in-las-vegas\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Defcon-USA_2023-blue?style=square\"/\u003e\n\u003c/a\u003e  \n\n\u003cbr/\u003e \n\u003ca href=\"https://github.com/akto-api-security/akto/commits/master\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/github/commit-activity/m/akto-api-security/akto?label=commits\u0026logo=github\"/\u003e\n\u003c/a\u003e  \n\n\u003ca href=\"https://github.com/akto-api-security/akto/releases\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/github/release-date/akto-api-security/akto?label=latest%20release\u0026logo=docker\"/\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://discord.gg/Wpc6xVME4s\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/discord/1070706429402562733?logo=Discord\"/\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://hub.docker.com/r/aktosecurity/akto-api-security-dashboard/tags?page=1\u0026name=local\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/docker/image-size/aktosecurity/akto-api-security-dashboard?logo=docker\"/\u003e\n\u003c/a\u003e\n\n\u003ca href=\"https://github.com/akto-api-security/akto/issues?q=label%3Ahackfest\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/github/issues/akto-api-security/akto/hackfest?logo=github\"/\u003e\n\u003c/a\u003e\n\n\u003c!--a href=\"https://hub.docker.com/r/aktosecurity/akto-api-security-dashboard\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/docker/pulls/aktosecurity/akto-api-security-dashboard?logo=docker\"/\u003e\n\u003c/a--\u003e\n\n\n\u003ca href=\"https://hub.docker.com/r/aktosecurity/akto-api-security-dashboard\" _target=\"blank\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Docker_pulls-10K+-blue?logo=docker\"/\u003e\n\u003c/a\u003e\n\n\n# Akto.io API Security\n\n## Contributors\n\u003ca href=\"https://github.com/akto-api-security/akto/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=akto-api-security/akto\" /\u003e\n\u003c/a\u003e\n\n\n# What is Akto?\n\n[How it works](https://docs.akto.io/#how-it-works) • [Getting-Started](https://docs.akto.io/#how-to-get-started) • [API Inventory](https://docs.akto.io/api-inventory/api-collections) • [API testing](https://docs.akto.io/testing/run-test) • [Add Test](https://docs.akto.io/testing/test-library) • [Join Discord community](https://discord.com/invite/Wpc6xVME4s) •\n\nAkto is an instant, open source API security platform that takes only 60 secs to get started. Akto is used by security teams to maintain a continuous inventory of APIs, test APIs for vulnerabilities and find runtime issues. Akto offers coverage for all OWASP top 10 and HackerOne Top 10 categories including BOLA, authentication, SSRF, XSS, security configurations, etc. Akto's powerful testing engine runs variety of business logic tests by reading traffic data to understand API traffic pattern leading to reduced false positives. Akto can integrate with multiple traffic sources - burpsuite, AWS, postman, GCP, gateways, etc. Here is our [public roadmap](https://github.com/orgs/akto-api-security/projects/8) for this quarter.\n\n\nAkto enables security and engineering teams to secure their APIs by doing three things:\n\n1. [API inventory](https://docs.akto.io/api-inventory/api-collections)\n2. [Run business logic tests in CI/CD](https://docs.akto.io/testing/run-test)\n3. [Find vulnerabilities in run-time](https://docs.akto.io/api-inventory/sensitive-data)\n\n\nhttps://user-images.githubusercontent.com/91306853/216407351-d18c396b-5cd0-4cbc-a350-10a76b1d67b3.mp4\n\n## How it works?\n\nStep 1: Create inventory\n\n\u003cfigure\u003e\u003cimg src=\"https://2145800921-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRc4KTKGprZI2sPWKoaLe%2Fuploads%2FRXIYBFFP0cIi5gyJ02ZD%2FScreenshot%202023-01-26%20at%205.07.03%20PM.png?alt=media\u0026token=d2976b86-d0cf-40f6-b17a-2611adceea05\" alt=\"\"\u003e\u003cfigcaption\u003e\u003c/figcaption\u003e\u003c/figure\u003e\n\nStep 2: Run tests\n\n\u003cfigure\u003e\u003cimg src=\"https://2145800921-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRc4KTKGprZI2sPWKoaLe%2Fuploads%2FPBJv5INL2k1UZOUXPbOG%2FScreenshot%202023-01-26%20at%205.08.19%20PM.png?alt=media\u0026token=511b637c-1558-434a-b606-7983d24006a9\" alt=\"\"\u003e\u003cfigcaption\u003e\u003c/figcaption\u003e\u003c/figure\u003e\n\n## How to get Started?\n\n### Using docker-compose (works for any machine which has Docker installed)\nRun the following commands to install Akto. You'll need to have curl and Docker installed in order to run the container..\n1. Clone the Akto repo by using this command `git clone https://github.com/akto-api-security/akto.git`\n2. Go to the cloned directory `cd akto` \n3. Run `docker-compose up -d`\n\u003cdetails\u003e\n  \u003csummary\u003e\u003ch4\u003eIf you are setting this up in your own Cloud (AWS/GCP/Heroku), read this section\u003c/h4\u003e\u003c/summary\u003e\n\nPlease ensure the following for good security practices\n1. Open inbound security rule for port 9090 only. And restrict the source CIDR to VPC CIDR or your IP only. \n2. Use an EC2 from a private subnet - \n    \n    a. This way, no one will be able to make an inbound request to your machine. \n    \n    b. Ensure this private subnet has access to Internet so that outbound calls can succeed!\n    \n    c. You might have to set up tunneling to access instance via VPN using `ssh -i pemfile ec2-user@vpn-public-instance -L 9090:private-instance:9090`\n    \n    d. In your browser, visit `http://private-instance:9090`\n\n3. Use an EC2 from a public subnet - please don't! If you still want to do this, you can skip 2.b and 2.c. Simply access your instance via `http://ip:9090`\n\nAkto is really powerful in Cloud deployment if you can provide your application's mirrored traffic (0 performance impact). You would also be able to schedule tests in CI/CD and invite more team members on the dashboard. For that, you should install Akto Enterprise edition available [here](https://stairway.akto.io). Read more about it [here](https://www.akto.io/pricing)\n\n\u003c/details\u003e  \n  \n## API Security testing tutorials\n\n| Title | Link |\n| ------------- | ------------- |\n| Introduction | https://www.youtube.com/watch?v=oFt4OVmfE2s |\n| **Tutorial 1:** SSRF Port Scanning (OWASP API7:2023) | https://www.youtube.com/watch?v=WjNNh6asAD0 |\n\n\n## Develop and contribute\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003ch3\u003eQuicksetup using VSCode Devcontainers\u003c/h3\u003e\u003c/summary\u003e\n\n### Prerequisites:\n\n1. [Install VSCode](https://code.visualstudio.com/)\n2. [Install VSCode Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers)  \n3. **Windows:** [Docker Desktop](https://www.docker.com/products/docker-desktop) 2.0+ on Windows 10 Pro/Enterprise. Windows 10 Home (2004+) requires Docker Desktop 2.3+ and the [WSL 2 back-end](https://aka.ms/vscode-remote/containers/docker-wsl2). \n4. **macOS**: [Docker Desktop](https://www.docker.com/products/docker-desktop) 2.0+.\n5. **Linux**: [Docker CE/EE](https://docs.docker.com/install/#supported-platforms) 18.06+ and [Docker Compose](https://docs.docker.com/compose/install) 1.21+.\n\n**Note**: If using Docker Desktop, consider changing the memory allocation to 8 GB for better performance  \n  \n### Steps:\n\n#### Clone repo and open in vscode\n\n1. Open terminal\n2. `mkdir ~/akto_code`\n3. `cd ~/akto_code`\n4. `git clone https://github.com/akto-api-security/akto`\n5. Open in VScode: `code akto`\n\n#### Start Dev Container\n\n1. Go to View \u003e Command Palette and type: Dev Containers: Reopen in Container\n\u003cimg src=\"https://user-images.githubusercontent.com/125550503/225829693-0c627020-9fe3-4738-80e0-39f076780c3b.png\"\u003e\u003c/img\u003e\n2. Wait for the Dev Container to set up.\n3. Open **localhost:9090** in your web browser to see the Akto dashboard\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003ch3\u003e Manual Setup Instructions\u003c/h3\u003e \u003c/summary\u003e\n\n### Prerequisites\nOpenJDK 8, node(v18.7.0+ [link](https://nodejs.org/download/release/v18.7.0/)), npm(v8.15.0+), maven (v3.6.3 [link](https://dlcdn.apache.org/maven/maven-3/3.6.3/binaries/)), MongoDB (v5.0.3+ [link](https://www.mongodb.com/docs/manual/administration/install-community/))\n\n\n#### Clone repo\n1. `mkdir ~/akto_code`\n2. `cd akto_code`\n3. `git clone https://github.com/akto-api-security/akto`\n\n#### Setup database\n\n1. `Open a new terminal tab`\n2. `cd ~`\n3. `mkdir ~/akto_mongo_data`\n4. `\u003cpath_to_mongo_folder\u003e/bin/mongod --dbpath ~/akto_mongo_data`\n\n#### Setup Frontend\n\n1. `Open a new terminal tab`\n2. `cd ~/akto_code/akto`\n3. `cd apps/dashboard/web/polaris_web`\n4. `npm install`\n5. `npm run hot`\n\n#### Setup Dashboard\n\n1. `Open a new terminal tab`\n2. `cd ~/akto_code/akto`\n3. `export AKTO_MONGO_CONN=\"mongodb://localhost:27017\"`\n4. `export DASHBOARD_MODE=\"local_deploy\"`\n5. `mvn clean install`\n6. `mvn --projects :dashboard --also-make jetty:run -Djetty.port=9090`\n\n#### Setup Testing\n\n1. `Open a new terminal tab`\n2. `cd ~/akto_code/akto`\n3. `cd apps/testing`\n4. `export AKTO_MONGO_CONN=\"mongodb://localhost:27017\"`\n5. `mvn compile; mvn exec:java -Dexec.mainClass=\"com.akto.testing.Main\"`\n\n  \u003c/details\u003e  \n  \n#### Using Testing CLI tool\n\nRun the following command to run testing CLI tool\n\n```bash\ndocker run -v ./:/out  \\ # needed to generate test report on host machine\n    -e TEST_IDS='JWT_NONE_ALGO REMOVE_TOKENS' \\ # space separated test ids\n    -e AKTO_DASHBOARD_URL='\u003cAKTO_DASHBOARD_URL\u003e' \\ \n    -e AKTO_API_KEY='\u003cAKTO_API_KEY\u003e' \\ \n    -e API_COLLECTION_ID='123' \\ # api collection id on which you want to run tests\n    -e TEST_APIS='https://demo.com/api/books https://demo.com/api/cars' \\ # space separated apis from the api collection on which you want to run tests. If not present, all apis in the collection will be tested. [optional]\n    -e OVERRIDE_APP_URL='https://dummy.com' \\ # If you want to test on a separate host. [optional] \n    aktosecurity/akto-api-testing-cli\n```\n\n### Play around\n\n1. Open `localhost:9090` in your favourite browser\n2. You will need to signup when logging in for the first time, next time onwards you can login\n\n\u003cdetails\u003e  \n  \u003csummary\u003e\u003ch3\u003eDebug\u003c/h3\u003e\u003c/summary\u003e\n1. To debug front end, install Vue.js Chrome extension from [here](https://devtools.vuejs.org/guide/installation.html).\n2. To debug backend, run the following before running web server - \n  a. Set MAVEN_OPTS variable to enable debugging on your Java process\n        \n        export MAVEN_OPTS=\"-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8081, -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.rmi.port=9010 -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false\"\n        \n  b. In Visual Studio code, click on any line number to set a breakpoint.\n    \n  c.  Attach the Java debugger from Run and Debug mode. If you are doing this for the first time, click on “Create launch.json file” and then “Add configuration”. Choose “Java: Attach process by ID” and save the file. \u003cbr/\u003e\n     \u003cimg width=\"426\" alt=\"img1\" src=\"https://user-images.githubusercontent.com/91221068/217048839-dbb00c48-00df-419b-8f32-cdb2d47a2218.png\"\u003e\u003cbr/\u003e\n  d. A list of running Java processes with show up. Select the web server process to attach the debugger\n\n\u003c/details\u003e  \n\u003ca href=\"https://hits.sh/github.com/akto-api-security/hits.svg?label=Hits%20since%2020%2F5\u0026color=FFFFFF\u0026labelColor=FFFFFF\"\u003e\u003cimg alt=\"Hits\" src=\"https://hits.sh/github.com/akto-api-security/hits.svg?label=Hits%20since%2020%2F5\u0026color=FFFFFF\u0026labelColor=FFFFFF\"/\u003e\u003c/a\u003e \n  \n## Contributing\n\nWe welcome contributions to this project. Please read our [CONTRIBUTING.md](CONTRIBUTING.md) for more information on how to get involved.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakto-api-security%2Fakto","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fakto-api-security%2Fakto","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakto-api-security%2Fakto/lists"}