{"id":18575135,"url":"https://github.com/portswigger/dastardly-github-action","last_synced_at":"2025-06-27T19:34:08.157Z","repository":{"id":62657591,"uuid":"552851897","full_name":"PortSwigger/dastardly-github-action","owner":"PortSwigger","description":"Runs a scan using Dastardly by Burp Suite against a target site and creates a JUnit XML report for the scan on completion.","archived":false,"fork":false,"pushed_at":"2024-07-22T15:09:01.000Z","size":9,"stargazers_count":270,"open_issues_count":2,"forks_count":93,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-01-26T19:47:22.653Z","etag":null,"topics":["automation","dast","devsecops","security-tools"],"latest_commit_sha":null,"homepage":"https://portswigger.net/burp/dastardly","language":"Dockerfile","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PortSwigger.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-17T10:26:32.000Z","updated_at":"2025-01-22T14:18:22.000Z","dependencies_parsed_at":"2024-06-18T18:39:38.686Z","dependency_job_id":"ae5d740f-c471-4ae8-b077-cae3d69d92f3","html_url":"https://github.com/PortSwigger/dastardly-github-action","commit_stats":{"total_commits":6,"total_committers":4,"mean_commits":1.5,"dds":0.5,"last_synced_commit":"054b0d6fff8bf37943337d0c3c7a7d517868997d"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PortSwigger%2Fdastardly-github-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PortSwigger%2Fdastardly-github-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PortSwigger%2Fdastardly-github-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PortSwigger%2Fdastardly-github-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PortSwigger","download_url":"https://codeload.github.com/PortSwigger/dastardly-github-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239311619,"owners_count":19618013,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","dast","devsecops","security-tools"],"created_at":"2024-11-06T23:17:45.614Z","updated_at":"2025-02-17T15:12:27.096Z","avatar_url":"https://github.com/PortSwigger.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dastardly Scan Action\n\nThis action runs a Dastardly vulnerability scan against a target site. On completion, a JUnit XML report is generated containing information about the vulnerabilities found, where\nthey were located, additional information about the vulnerability and links to our learning resources with suggestions on how to fix them.\n\n## About Dastardly\n\n- [Dastardly](https://portswigger.net/burp/dastardly) is a free, lightweight web application security scanner for your CI/CD pipeline.\n- It is designed specifically for web developers, and checks your application for [seven security issues](https://portswigger.net/burp/dastardly/scan-checks) that are likely to interest you during software development.\n- Dastardly is based on the same scanner as [Burp Suite](https://portswigger.net/burp) (Burp Scanner).\n\nFor full documentation on using Dastardly, please consult the [Dastardly documentation](https://portswigger.net/burp/documentation/dastardly).\n\nAlready used Dastardly? [Tell us what you think here](https://forms.gle/8Va7ombB793HqFKw5).\n\n## Inputs\n\n## `target-url`\n\n**Required** The full URL (including scheme) of the site to scan.\n\n## `output-filename`\n\n**Optional** The name of the output report file. This will be stored in the GITHUB_WORKSPACE (/github/workspace) directory.\n\n**Default** `dastardly-report.xml`\n\n## Examples\nBelow are some examples of how to use the action by running a Dastardly scan against our very own [Gin and Juice Shop](https://ginandjuice.shop) site. This is a deliberately\nvulnerable web application designed for testing web vulnerability scanners.\n\n## Basic Usage\n```\nsteps:\n  - name: Run Dastardly Action Step\n    uses: PortSwigger/dastardly-github-action@main\n    with:\n      target-url: 'https://ginandjuice.shop'\n```\n\n## Suggested Usage\nDastardly produces a JUnit XML report of the scan on completion. This report will only include vulnerability details if vulnerabilities were found by the scanner.\n\nBy default, if Dastardly finds any issue with a severity level of `LOW`, `MEDIUM`, or `HIGH`, it will fail a workflow build.\n\nThis may be fine for your use case, but you may want to consider pairing this action with a JUnit XML parser that runs whether or not the Dastardly action step succeeded. You can\ndo this by adding `continue-on-error: true` to the Dastardly action step, or adding a condition for the parser to run regardless of success or failure.\n\n```\nsteps:\n  - name: Run Dastardly Action Step\n    continue-on-error: true                        # This allows subsequent steps to run even if this step fails\n    uses: PortSwigger/dastardly-github-action@main\n    with:\n      target-url: 'https://ginandjuice.shop'\n\n  # You can replace this next step with any JUnit XML parser of your choosing\n  - name: Publish Test Report\n    if: always()                                    # Forces this step to always run\n    uses: mikepenz/action-junit-report@v3\n    with:\n      report_paths: '**/dastardly-report.xml'       # You need to update this path if you pass in a different output filename to the Dastardly action\n      require_tests: true\n```\n\nWe suggest passing `require_tests: true` to this parser so that your workflow will fail if it could not find your specified output file.\n\n\nDocumentation for the parser used in this example can be found [here](https://github.com/marketplace/actions/junit-report-action).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fportswigger%2Fdastardly-github-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fportswigger%2Fdastardly-github-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fportswigger%2Fdastardly-github-action/lists"}