Azure DevOps Pipeline Integration
The Mayhem for API CLI is built to run on any Continuous Integration platform. This guide will describe how to configure an Azure DevOps Pipeline to run Mayhem for API against your API.
Configure Secrets
You will need an API token to run Mayhem for API in your Azure DevOps pipeline:
- Create a Service Account token for your organization
- Add the newly created token as a "Secret variable" in the pipeline's variables named MAPI_TOKEN
Configure your pipeline
This demonstrates how to run mAPI against an API that is built and run in an Azure DevOps pipeline.
steps:
  - checkout: self
    clean: "true"
    # Fetch a deep enough history to compute the merge base of branches with the
    # default branch. Alternatively, set to "0" to fetch the entire history.
    fetchDepth: "50"

  # 1. Build and test your API
  # 2. Run the API in debug mode. Output stack traces for better error reporting.
  # 3. Run Mayhem for API
  - script: |
      curl -Lo mapi https://mayhem4api.forallsecure.com/downloads/cli/latest/linux-musl/mapi \
        && chmod +x mapi
      ./mapi run azure-pipelines-example auto http://localhost:8000/openapi.json \
        --url 'http://localhost:8000' \
        --junit TEST-mapi.xml \
        --html mapi.html
    env:
      # Secret variables are not exposed to scripts automatically; map the
      # secret into the step's environment explicitly.
      MAPI_TOKEN: $(MAPI_TOKEN)
    # Later steps still run (and the reports are still published) if this step fails.
    continueOnError: "true"
    displayName: Run Mayhem for API to check for vulnerabilities

  - task: PublishPipelineArtifact@1
    displayName: 'Publish Pipeline Artifact'
    inputs:
      path: 'mapi.html'
      artifact: mapi-html-report
    continueOnError: "true"

  # With no inputs, this task uses the JUnit format and the **/TEST-*.xml
  # pattern, which matches TEST-mapi.xml written above.
  - task: PublishTestResults@2
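Because the scan step sets continueOnError: "true", later steps run whatever the scan's outcome. The following is an added example, not part of the Mayhem for API documentation, of a gate that a later script step could run over TEST-mapi.xml to fail the job on findings. It assumes the report follows the common JUnit layout; the sample report, the script name mapi_gate.py and the max_findings parameter are constructed for illustration.

```python
"""Gate a pipeline on the JUnit report written by `mapi run --junit`."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Assumption: the report uses the common JUnit layout
# (<testcase> elements carrying <failure> or <error> children).
SAMPLE_REPORT = """<testsuites>
  <testsuite name="azure-pipelines-example" tests="3">
    <testcase classname="GET /items" name="internal-server-error">
      <failure message="500 response with stack trace">constructed</failure>
    </testcase>
    <testcase classname="GET /health" name="internal-server-error"/>
    <testcase classname="POST /items" name="auth-check"><skipped/></testcase>
  </testsuite>
</testsuites>"""

def summarize(xml_text):
    """Return (testcase count, list of 'classname: name: message' findings)."""
    total, findings = 0, []
    for case in ET.fromstring(xml_text).iter("testcase"):
        total += 1
        for node in case:
            if node.tag in ("failure", "error"):
                findings.append("%s: %s: %s" % (
                    case.get("classname", "?"), case.get("name", "?"),
                    node.get("message", node.tag)))
    return total, findings

def gate(xml_text, max_findings=0):
    """Exit code for the step: 0 pass, 1 too many findings, 2 unreadable report."""
    try:
        total, findings = summarize(xml_text)
    except ET.ParseError:
        # Fail closed: a missing or truncated report must not read as a clean scan.
        print("##vso[task.logissue type=error]unreadable JUnit report")
        return 2
    for line in findings:
        # Azure Pipelines logging command: shows the finding as a build error.
        print("##vso[task.logissue type=error]" + line)
    return 0 if len(findings) <= max_findings else 1

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python mapi_gate.py TEST-mapi.xml
        try:
            text = open(sys.argv[1], encoding="utf-8").read()
        except OSError:
            text = ""  # a missing file is handled as an unreadable report
        sys.exit(gate(text))
    print("demo exit code:", gate(SAMPLE_REPORT))
```

Place the gate after the publish steps so the HTML and JUnit reports are uploaded even when the gate fails the job.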
GitHub Example
A full working example is available on GitHub.