Delivering secure, reliable APIs requires finding and fixing issues before shipping to production. That’s why Mayhem for API integrates easily into your CI/CD pipeline to automatically test your API for performance and security and validate it against your API specification.
With every build, Mayhem will run hundreds—or even thousands—of individual tests and deliver you triaged, actionable results that highlight defects and performance issues.
Mayhem offers several ways to integrate into your CI/CD. In this example, we’ll look at bringing Mayhem into a Jenkins pipeline using both Mayhem’s command line interface (CLI) as well as using Mayhem’s Docker image.
To start, you will need a Mayhem for API token stored as a Jenkins credential so the pipeline can authenticate.
The examples below show how to run Mayhem for API against an API that is built and started inside a Jenkins scripted pipeline. As a general rule, we recommend running Mayhem after any static scanning in your pipeline. Each example starts a local API instance and performs all testing against it.
In this scripted pipeline, after building your API, we use the Mayhem for API image on Docker Hub to run Mayhem as a containerized job and return results. Results are then collected in JUnit XML format.
// Run the build on a node with the 'docker' label
node("docker") {
    checkout scm
    // MAPI_TOKEN - the ID of the "Secret text" credential that holds the API token.
    // The ID is a literal string; the secret is exposed to the shell as $MAPI_TOKEN
    // and is deliberately NOT interpolated into the Groovy string below.
    withCredentials([
        string(credentialsId: 'MAPI_TOKEN', variable: 'MAPI_TOKEN')
    ]) {
        //
        // 1. BUILD AND TEST YOUR API HERE
        //
        stage("Run Mayhem for API") {
            //
            // 2. Start your API
            // e.g. http://localhost:8080/api
            //
            //
            // 3. Run Mayhem for API
            //    --network=host lets the container reach the API on localhost;
            //    mounting the workspace as /work makes results.xml land where
            //    the junit step can find it (the page's original command wrote
            //    the file inside the container only).
            //
            sh '''
                docker run -t --rm \
                    --network=host \
                    -v "$PWD":/work -w /work \
                    -e MAPI_TOKEN=${MAPI_TOKEN} \
                    -e NO_COLOR=true \
                    forallsecure/mapi:latest \
                    run my-api auto \
                    --url 'http://localhost:8080/api' \
                    --junit results.xml
            '''
            //
            // 4. Collect JUnit results
            //
            junit testResults: 'results.xml'
        }
    }
}
This example is nearly identical to the one above. Instead of using the Mayhem Docker image, we call Mayhem directly using the CLI. The easiest way to do this is to take advantage of the Jenkins Tool Installer, which gives you more robust setup options. In the example below, we’ll show you how to do this without it by downloading the CLI as its own pipeline step.
// Run the build on a node with the 'docker' label
node("docker") {
    checkout scm
    // MAPI_TOKEN - the ID of the "Secret text" credential that holds the API token.
    // The ID is a literal string; the secret reaches the CLI via the $MAPI_TOKEN
    // environment variable rather than through Groovy string interpolation.
    withCredentials([
        string(credentialsId: 'MAPI_TOKEN', variable: 'MAPI_TOKEN')
    ]) {
        //
        // 1. BUILD AND TEST YOUR API HERE
        //
        stage("Run Mayhem for API") {
            //
            // 2. Start your API
            // e.g. http://localhost:8080/api
            //
            //
            // 3. Download the CLI (or use Jenkins Tools)
            //
            sh '''
                curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/linux-musl/mapi \
                    && chmod +x mapi
            '''
            //
            // 4. Run Mayhem for API
            //    Replace <path_to_openapi_spec> with the spec file in your workspace.
            //
            sh '''
                ./mapi run my-api auto <path_to_openapi_spec> \
                    --url 'http://localhost:8080/api' \
                    --junit results.xml
            '''
            //
            // 5. Collect JUnit results
            //
            junit testResults: 'results.xml'
        }
    }
}
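Both pipelines leave step 2 ("Start your API") to you. The part worth getting right is making sure the service is actually answering before mapi starts: a fuzzer aimed at a port that is still booting reports connection errors instead of real defects. The readiness gate below is an added example, not part of the original post or of Mayhem's tooling; it uses only the Python standard library and can be invoked from an sh step before the mapi run, and the default URL and timeout are assumptions.

```python
"""Readiness gate: poll the API URL until it returns any HTTP status below 500,
then exit 0 so the next pipeline step (the mapi run) is allowed to proceed."""
import sys
import time
import urllib.error
import urllib.request
from typing import Optional


def probe_once(url: str, timeout: float = 2.0) -> Optional[int]:
    """Return the HTTP status of one GET, or None if no HTTP reply came back.
    A 4xx (e.g. 404 on the bare base path) still proves the server is serving;
    only a missing or 5xx reply means it is not ready."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code          # server answered, just not 2xx
    except (urllib.error.URLError, OSError):
        return None              # refused / reset / timed out: not up yet


def wait_for_api(url: str, timeout_s: float, interval_s: float = 0.5) -> bool:
    """Poll url until a status < 500 is seen (True) or timeout_s elapses (False)."""
    deadline = time.monotonic() + timeout_s
    while True:
        status = probe_once(url)
        if status is not None and status < 500:
            return True
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        time.sleep(min(interval_s, remaining))


if __name__ == "__main__":
    # Assumed defaults: the URL from the pipeline comment and a 60 s budget.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/api"
    limit = float(sys.argv[2]) if len(sys.argv) > 2 else 60.0
    if not wait_for_api(target, limit):
        print(f"API at {target} not ready after {limit:.0f}s", file=sys.stderr)
        sys.exit(1)  # fails the sh step, so mapi never runs against a dead port
    print(f"API at {target} is up; safe to run mapi")
```

Call it as `python3 wait_for_api.py http://localhost:8080/api 60` in its own `sh` step between starting the API and the mapi run; a non-zero exit fails the build before any fuzzing starts.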
Running Mayhem for API in your Jenkins pipeline ensures you’re identifying security, reliability, and performance issues before shipping to production. Mayhem’s self-learning algorithms constantly expand coverage and provide an automated triage of results so you're not wading through hundreds of issues trying to prioritize. With Mayhem, every result found is actionable, helping you fix and ship software faster.