Add the Mayhem for API CircleCI Orb to
version: 2.1 orbs: mapi: firstname.lastname@example.org
Pipeline Hosted Service
Create a new job to scan your API and start your service. Then call the
mapi/scan command to
run Mayhem against your service.
jobs: mayhem-for-api: machine: image: ubuntu-2204:2022.07.1 steps: # Start your service - run: command: start-service.sh & # Scan your API with Mayhem for API - mapi/scan: api-url: "http://localhost:8000" api-spec: "https://demo-api.mayhem4api.forallsecure.com/api/v3/openapi.json" - store_artifacts: path: /tmp/mapi - store_test_results: path: /tmp/mapi/junit.xml
Then add the new job to your workflow.
workflows: tests-and-security: jobs: - mayhem-for-api
To test a service that is already deployed and not running as part of the build pipeline,
mapi/scan job in your workflow. Mayhem should never be executed against production environments.
workflows: tests-and-security: jobs: - mapi/scan: api-url: "https://your.staging.com/" api-spec: "https://your.staging.com/openapi.json"