https://github.com/datatheorem/datatheorem-api-secure-action
Integration to request RESTful APIs scans from Github Actions
- Host: GitHub
- URL: https://github.com/datatheorem/datatheorem-api-secure-action
- Owner: datatheorem
- Created: 2021-05-31T13:10:07.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-06-07T17:57:29.000Z (about 4 years ago)
- Last Synced: 2024-04-21T14:29:59.025Z (about 1 year ago)
- Language: Shell
- Size: 3.91 KB
- Stars: 0
- Watchers: 5
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# API Secure
Data Theorem's API Secure will scan your RESTful APIs for security issues,
including, but not limited to, SQL injection, SSRF, XSS, and PII/PHI data publicly accessible on the Internet.
More information can be found here: https://www.datatheorem.com/products/api-secure
A valid Data Theorem API key is required.
## Set your Data Theorem API key as a secret
To find your Data Theorem API key, connect to https://www.securetheorem.com/mobile/sdlc/results_api_access
using your Data Theorem account.
Create an encrypted variable named `DT_RESULTS_API_KEY` in your Github repository. For more information, see [Github Encrypted secrets](https://docs.github.com/en/actions/reference/encrypted-secrets).
## Find your RESTful API's ID
Go to your [API Secure inventory](https://securetheorem.com/api/inventory) in the Data Theorem portal and find
the RESTful API you wish to scan. Retrieve the RESTful API's ID from the URL of the RESTful API's page, which looks like:
`https://securetheorem.com/api/restful-apis/`

## Optional scan configuration
Optionally, the following scan configuration settings can be specified:

- `should_perform_pii_analysis`: If set to true, the API responses received by the scanner will be analyzed for personally identifiable information.
- `should_perform_sql_injection_scan`: If set to true, the API's parameters will be scanned for SQL injection issues. This type of scan requires sending a lot of requests to the API; it will significantly increase the load on the API and could potentially disrupt it.

## Sample usage
```yaml
name: Request a Data Theorem API Secure scan
on:
  push:
    branches: [ main ]
jobs:
  scan:
    name: scan RESTful API for security issues
    runs-on: ubuntu-20.04
    steps:
      - name: Request Data Theorem API Secure scan
        # replace <version-tag> with a released tag of this action
        uses: datatheorem/datatheorem-api-secure-action@<version-tag>
        with:
          dt_results_api_key: ${{ secrets.DT_RESULTS_API_KEY }}
          asset_id: "15255982-380f-4dae-8fed-b06fc6a82566"
          asset_base_url: "https:///"
          # Optional scan configuration
          should_perform_pii_analysis: false
          should_perform_sql_injection_scan: false
```