VulnAPI is an open-source DAST tool that scans APIs for common security vulnerabilities to help developers detect and mitigate risks before exploitation.
Use this action to scan your project for vulnerabilities using VulnAPI.
This tool is primarily used by developers and security teams to automatically scan API definitions or live endpoints for security vulnerabilities during CI/CD workflows. It integrates easily with GitHub Actions to provide continuous security checks on API projects, ensuring early detection of weaknesses in API implementations.
Users should provide either an OpenAPI file or a curl command to perform scans. The tool supports customization of scan parameters including rate limiting and severity thresholds to tailor scan sensitivity. It is recommended to keep the tool updated to benefit from new vulnerability checks and best practices. Integration into CI/CD pipelines enables continuous API security assurance.
To set up the scan:
1. Add the VulnAPI GitHub Action to your workflow YAML file.
2. Use 'actions/checkout@v4' to check out your project code.
3. Configure the VulnAPI step with either an 'openapi' file path or a 'curl' command input.
4. Set the GITHUB_TOKEN environment variable for authentication.
5. Customize optional inputs such as scans, excludeScans, rateLimit, proxy, and severityThreshold as needed.
- uses: cerberauth/vulnapi-action@v1
  with:
    openapi: 'openapi.yaml'
Runs VulnAPI scan using an OpenAPI specification file to detect API vulnerabilities.
- uses: cerberauth/vulnapi-action@v1
  with:
    curl: 'curl http://localhost:8080 -H "Authorization: Bearer eyJhbGci..."'
Runs VulnAPI scan against a live API endpoint using a curl command to identify security issues.
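A complete workflow that wires the steps above together, added here as an example rather than taken from the cerberauth/vulnapi-action repository. It uses only the inputs named on this page; the trigger, job names, the rateLimit and severityThreshold values, the API start command and the API_TOKEN secret are assumptions.

```yaml
name: VulnAPI scan

on:
  pull_request:
  push:
    branches: [main]

jobs:
  openapi-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Scan the OpenAPI definition committed in the repository.
      - uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          openapi: 'openapi.yaml'
          # Illustrative values (assumed); check the action's documentation
          # for the accepted formats before relying on them.
          rateLimit: '10/s'
          severityThreshold: '7'

  live-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Start the API under test in the background. The command is a
      # placeholder for your own start script.
      - run: ./start-api.sh &
      # Scan the running endpoint. The bearer token is read from a repository
      # secret (API_TOKEN, assumed) so it is never written into the workflow
      # file or committed to the repository.
      - uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          curl: 'curl http://localhost:8080 -H "Authorization: Bearer ${{ secrets.API_TOKEN }}"'
```

Keeping the token in a secret also means GitHub masks it in job logs, which the inline literal in the curl example above would not get.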