ForAllSecure Blog

Mayhem for API ❤️ GitHub Code Scanning: Seamless DevSecOps for your REST APIs

Alex Rebert · April 13, 2021

The central tool for developing software as a team is a source code management system like GitHub. This is where developers manage changes to their code: creating Pull Requests, discussing their changes with their team, and ensuring the pipelines are green. An additional GitHub feature that has proven useful to developers is GitHub Code Scanning. GitHub Code Scanning became widely available in September of 2020 and allows developers to easily identify vulnerabilities in code prior to production. GitHub Actions are automatically integrated with Code Scanning, allowing teams to automate workflows and scan code as it is produced.

GitHub Code Scanning integration with Mayhem for API

One of Mayhem for API’s guiding principles is to seamlessly integrate into existing developer ecosystems. We integrated Mayhem for API with GitHub from Day 1. For instance, you can sign up to our service with your GitHub account. Our GitHub App enables Mayhem for API to add GitHub Checks directly in your Pull Request.

GitHub Code Scanning Integration for API Testing

To enhance the capabilities of Code Scanning, we’re announcing that Mayhem for API is now natively integrated with GitHub Code Scanning. This integration will help developers and teams keep their APIs reliable, fast, and secure without slowing down their productivity. We are releasing a GitHub Action that integrates with GitHub Code Scanning and lets Mayhem for API be added to your GitHub workflows with minimal effort. Not using GitHub Actions? Our CLI allows you to upload findings to GitHub Code Scanning from any CI! You can even upload findings to an on-premises GitHub Enterprise instance.


With the launch of GitHub code scanning support, we’re happy to further embed our results where you want them: in your PRs before your changes get deployed to production.

Testing APIs through GitHub Code Scanning

Mayhem for API issue, in your PR

Mayhem for API results are converted into GitHub code scanning alerts, allowing you to manage the findings and see their history:

Mayhem for API results show as GitHub code scanning alerts

By clicking on the details of a finding, developers will get helpful information to fix the issue, including the HTTP request that triggered the issue, as well as the response generated by the API. In addition, Mayhem for API provides clear remediation advice to help you understand and fix the issue without delay.
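The sections above describe findings being converted into Code Scanning alerts that carry the triggering HTTP request, the API's response and remediation advice, and being uploaded either by the GitHub Action or by the CLI from any CI. GitHub Code Scanning ingests alerts as SARIF 2.1.0 documents, so the script below is an added example (not ForAllSecure's code, and not the format Mayhem for API actually emits) of how a set of API fuzzing findings can be rendered into a SARIF log and checked for the fields Code Scanning needs before upload. The findings, rule identifiers, tool name and the 400-character snippet cap are all constructed for the example.

```python
"""Render constructed API fuzzing findings as a SARIF 2.1.0 log for Code Scanning.

Added illustration, not ForAllSecure's code: the findings, rule ids and tool
name below are made up, and MAX_SNIPPET is our own choice, not a GitHub limit.
"""
import json
from collections import OrderedDict

SARIF_VERSION = "2.1.0"
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"
# Code Scanning understands these three SARIF result levels.
SEVERITY_TO_LEVEL = {"high": "error", "medium": "warning", "low": "note"}
MAX_SNIPPET = 400  # characters of request/response kept in the alert text

# Constructed sample findings, modelled on what an API fuzzer reports:
# the request that triggered the issue, the response, a remediation hint and
# the place in the API spec the endpoint is declared (relative to the repo root).
SAMPLE_FINDINGS = [
    {"rule_id": "internal-server-error", "severity": "high",
     "request": 'POST /api/v1/users HTTP/1.1\r\nContent-Type: application/json\r\n\r\n{"name": null}',
     "response": "HTTP/1.1 500 Internal Server Error\r\n\r\n",
     "remediation": "Validate the request body and answer malformed input with 400, not 500.",
     "spec_path": "openapi.yaml", "spec_line": 42},
    {"rule_id": "internal-server-error", "severity": "high",
     "request": "GET /api/v1/users/-1 HTTP/1.1\r\n\r\n",
     "response": "HTTP/1.1 500 Internal Server Error\r\n\r\n",
     "remediation": "Reject out-of-range identifiers before querying the database.",
     "spec_path": "openapi.yaml", "spec_line": 57},
    {"rule_id": "slow-response", "severity": "medium",
     "request": "GET /api/v1/reports?size=1000000 HTTP/1.1\r\n\r\n",
     "response": "HTTP/1.1 200 OK (12.4 s)",
     "remediation": "Cap page sizes and paginate large result sets.",
     "spec_path": "openapi.yaml", "spec_line": 88},
]


def _snippet(text):
    """Normalise line endings and cap the text so alert messages stay readable."""
    text = text.replace("\r\n", "\n").strip()
    return text if len(text) <= MAX_SNIPPET else text[:MAX_SNIPPET] + "..."


def finding_to_result(finding):
    """Build one SARIF result: rule, level, human-readable message and location."""
    message = "\n".join([
        "Request that triggered the issue:", _snippet(finding["request"]),
        "Response from the API:", _snippet(finding["response"]),
        "Remediation: " + finding["remediation"],
    ])
    result = {
        "ruleId": finding["rule_id"],
        "level": SEVERITY_TO_LEVEL.get(finding["severity"], "warning"),
        "message": {"text": message},
    }
    # Code Scanning places an alert on a file; without a location it has nowhere to show it.
    if finding.get("spec_path"):
        result["locations"] = [{"physicalLocation": {
            "artifactLocation": {"uri": finding["spec_path"]},
            "region": {"startLine": finding.get("spec_line", 1)},
        }}]
    return result


def build_sarif(findings, tool_name="api-fuzzer-example", tool_version="0.1.0"):
    """Assemble a single-run SARIF log; one rule entry per distinct rule id."""
    rules = OrderedDict()
    for f in findings:
        rules.setdefault(f["rule_id"], {
            "id": f["rule_id"],
            "shortDescription": {"text": f["rule_id"].replace("-", " ")},
            "help": {"text": f["remediation"]},  # first finding's advice documents the rule
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": SARIF_VERSION,
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": [finding_to_result(f) for f in findings],
        }],
    }


def validate_sarif(doc):
    """Return a list of problems that would make the upload useless or rejected."""
    problems = []
    if doc.get("version") != SARIF_VERSION:
        problems.append("version must be %s" % SARIF_VERSION)
    for run in doc.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        if not driver.get("name"):
            problems.append("run has no tool.driver.name")
        known_rules = {r["id"] for r in driver.get("rules", [])}
        for i, res in enumerate(run.get("results", [])):
            if res.get("ruleId") not in known_rules:
                problems.append("result %d: ruleId not declared under tool.driver.rules" % i)
            if not res.get("message", {}).get("text"):
                problems.append("result %d: empty message.text" % i)
            locs = res.get("locations") or []
            if not any(l.get("physicalLocation", {}).get("artifactLocation", {}).get("uri") for l in locs):
                problems.append("result %d: no artifactLocation.uri, Code Scanning cannot place the alert" % i)
    return problems


if __name__ == "__main__":
    sarif = build_sarif(SAMPLE_FINDINGS)
    issues = validate_sarif(sarif)
    print(json.dumps(sarif, indent=2) if not issues else "\n".join(issues))
```

The resulting JSON is what a workflow hands to the upload step (the `github/codeql-action/upload-sarif` action on GitHub, or the equivalent REST upload from another CI); running `validate_sarif` before that step catches the most common reason an upload "succeeds" but shows no alerts, a result with no file location.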

If you want to give it a shot, sign up for our free 30-day trial and check out our GitHub Action: https://github.com/ForAllSecure/mapi-action. We’d love to hear about your experience, so please reach out to mayhem4api@forallsecure.com with any thoughts and feedback!

