{"id":14978861,"url":"https://github.com/multicatch/cucumber-audit","last_synced_at":"2026-02-03T14:02:48.931Z","repository":{"id":52653316,"uuid":"248204876","full_name":"multicatch/cucumber-audit","owner":"multicatch","description":"Tools for testing and automated scenario-based auditing","archived":false,"fork":false,"pushed_at":"2023-09-15T07:22:11.000Z","size":7534,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-08-01T13:55:33.349Z","etag":null,"topics":["cucumber-jvm","gherkin","selenium","threat-modeling"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/multicatch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-03-18T10:48:05.000Z","updated_at":"2023-09-13T09:14:53.000Z","dependencies_parsed_at":"2024-09-24T01:31:09.964Z","dependency_job_id":"8c23c0da-baf3-4d39-8a25-91a1cbc2b084","html_url":"https://github.com/multicatch/cucumber-audit","commit_stats":{"total_commits":120,"total_committers":2,"mean_commits":60.0,"dds":0.01666666666666672,"last_synced_commit":"6c87e3794990b1096bdf9ed8036f558f681d19fe"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/multicatch/cucumber-audit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multicatch%2Fcucumber-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multicatch%2Fcucumber-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/repositories/multicatch%2Fcucumber-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multicatch%2Fcucumber-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/multicatch","download_url":"https://codeload.github.com/multicatch/cucumber-audit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/multicatch%2Fcucumber-audit/sbom","scorecard":{"id":667903,"data":{"date":"2025-08-18","repo":{"name":"github.com/multicatch/cucumber-audit","commit":"6c87e3794990b1096bdf9ed8036f558f681d19fe"},"scorecard":{"version":"v5.2.1-41-g40576783","commit":"40576783fda6698350fcbbeaea760ff827433034"},"score":2.5,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has 
generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:121: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: 
.github/workflows/main.yml:124: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:130: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/multicatch/cucumber-audit/main.yml/master?enable=pin","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.0.3 not signed: https://api.github.com/repos/multicatch/cucumber-audit/releases/41822850","Warn: release artifact v1.0.2 not signed: https://api.github.com/repos/multicatch/cucumber-audit/releases/27883839","Warn: release artifact v1.0.1 not signed: 
https://api.github.com/repos/multicatch/cucumber-audit/releases/27843768","Warn: release artifact v1.0.3 does not have provenance: https://api.github.com/repos/multicatch/cucumber-audit/releases/41822850","Warn: release artifact v1.0.2 does not have provenance: https://api.github.com/repos/multicatch/cucumber-audit/releases/27883839","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/multicatch/cucumber-audit/releases/27843768"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 20 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"16 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-cfxw-4h78-h7fw","Warn: Project is vulnerable to: GHSA-crjg-w57m-rqqf","Warn: Project is vulnerable to: GHSA-mmwx-rj87-vfgr","Warn: Project is vulnerable to: GHSA-5jpm-x58v-624v","Warn: Project is vulnerable to: GHSA-prj3-ccx8-p6x4","Warn: Project is vulnerable to: GHSA-xpw8-rcwv-8f8p","Warn: Project is vulnerable to: GHSA-389x-839f-4rhx","Warn: Project is vulnerable to: 
GHSA-xq3w-v528-46rv","Warn: Project is vulnerable to: GHSA-4g8c-wm8x-jfhw","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v","Warn: Project is vulnerable to: GHSA-mfj5-cf8g-g2fv","Warn: Project is vulnerable to: GHSA-4cx2-fc23-5wg6","Warn: Project is vulnerable to: GHSA-8xfc-gm6g-vgpv","Warn: Project is vulnerable to: GHSA-hr8g-6v94-x4m9","Warn: Project is vulnerable to: GHSA-v435-xc8x-wvr9","Warn: Project is vulnerable to: GHSA-wjxj-5m7g-mg7q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T18:46:48.917Z","repository_id":52653316,"created_at":"2025-08-21T18:46:48.917Z","updated_at":"2025-08-21T18:46:48.917Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29047079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cucumber-jvm","gherkin","selenium","threat-modeling"],"created_at":"2024-09-24T13:58:32.776Z","updated_at":"2026-02-03T14:02:48.915Z","avatar_url":"https://github.com/multicatch.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cucumber-audit\n\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=multicatch_cucumber-audit\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=multicatch_cucumber-audit)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=multicatch_cucumber-audit\u0026metric=coverage)](https://sonarcloud.io/summary/new_code?id=multicatch_cucumber-audit)\n\nEasy automated auditing with preconfigured step definitions.\n\nThis project aims to provide an easy way for configuring an automated audit or web application test using Selenium and Cucumber.\n\n## Features\n\n* write audit scenarios using natural language (Gherkin) thanks to [Cucumber](https://github.com/cucumber/cucumber)\n* explore your application and inspect responses thanks to [Selenium](https://github.com/SeleniumHQ/selenium)\n* use prepared step definitions for writing scenarios without Java/Kotlin knowledge\n* use variable substitution in feature files\n* manipulate or inspect HTTP requests and responses thanks to [browsermob-proxy](https://github.com/lightbody/browsermob-proxy)\n\n## Full Documentation\n\n[Available here](doc/README.md)\n\n## Sample Scenario\n\nBy using predefined steps from this project, you 
can build a feature like the following:\n\n```gherkin\nFeature: Example Feature\n\n  Scenario: An Expected Response\n    Given app running on \"https://httpbin.org\" has already started\n    And the response content is under inspection\n    When I go to \"https://httpbin.org\"\n    Then the response should contain \"A simple HTTP Request \u0026amp; Response Service.\"\n```\n\nFeel free to extend it with more steps, comments or annotations:\n\n```gherkin\n  @InformationDisclosure\n  Scenario: Exploitation of System Software Information In Headers\n  The disclosure of software information may be used to provide knowledge about known vulnerabilities of\n  a particular version. The \"Server\" and \"X-Powered-By\" headers provide information about technology that\n  is used on the server side. Disabling them makes it more difficult to exploit the server software.\n\n    Given the response headers are under inspection\n    When I go to \"$auth_application_url\"\n    Then the \"Server\" response header should not contain numbers\n    And the \"X-Powered-By\" response header should not contain numbers\n```\n\n## Running Sample Scenarios\n\nThe scenarios are available [here](cucumber-audit-scenarios/src/main/resources/io/github/multicatch/cucumber/audit).\n\nDownload a Selenium Gecko driver and run the following command in the project directory:\n\n```shell script\nmvn test -DfailIfNoTests=false -Dtest=CucumberTest -Dwebdriver.gecko.driver=/path/to/geckodriver\n```\n\n## Running It Standalone\n\nYou can run it standalone using the jar built in the cucumber-audit-standalone module.\n\nExample:\n\n```shell script\njava -jar cucumber-audit-standalone.jar path/to/features \\\n  --glue io.github.multicatch.cucumber.audit \\\n  --plugin pretty \\\n  --webdriver.type GECKO \\\n  --webdriver.gecko.driver path/to/geckodriver \\\n  --webdriver.headless true\n```\n\nInstead of `path/to/features`, provide a path to your `*.feature` files. 
\n\nOther options:\n* `webdriver.type` - specify the type of webdriver used (GECKO/CHROME)\n* `webdriver.gecko.driver` - specify the location of the geckodriver binary\n* `webdriver.chrome.driver` - specify the location of the chromedriver binary\n* `webdriver.headless` - specify whether to start the browser in headless mode (true/false)\n\nYou can also use the options available in cucumber standalone. To see them, use `--help`.\n\nTo use the variable substitution plugin, use the `--plugin io.github.multicatch.cucumber.audit.variables.VariableResolvingRedactor` option.\nVariables will be read from the environment.\n\n## Pretty reports\n\nThis project uses [`de.monochromata.cucumber:reporting-plugin`](https://gitlab.com/monochromata-de/cucumber-reporting-plugin) to generate pretty reports.\n\nBy default, pretty HTML reports are generated into the `cucumber-audit-scenarios/target/cucumber/cucumber-html-reports` directory.\n\nReports are automatically deployed and available here:\n* [master](https://multicatch.github.io/cucumber-audit/master/cucumber-html-reports/overview-features.html)\n* [develop](https://multicatch.github.io/cucumber-audit/develop/cucumber-html-reports/overview-features.html)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmulticatch%2Fcucumber-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmulticatch%2Fcucumber-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmulticatch%2Fcucumber-audit/lists"}