Skip to content

NeuraLegion

NeuraLegion #165

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
#
# Run a Nexploit Scan
# This action runs a new security scan in Nexploit, or reruns an existing one.
# Build Secure Apps & APIs. Fast.
# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
# Automatically Tests Every Aspect of Your Apps & APIs
# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
# Seamlessly integrates with the Tools and Workflows You Already Use
#
# NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
# Spin-Up, Configure and Control Scans with Code
# One file. One command. One scan. No UI needed.
#
# Super-Fast Scans
#
# Interacts with applications and APIs, instead of just crawling them and guessing.
# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
#
# No False Positives
#
# Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
#
# Comprehensive Security Testing
#
# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
#
# More information is available on NeuraLegion’s:
# * [Website](https://www.neuralegion.com/)
# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
#
# Inputs
#
# `name`
#
# **Required**. Scan name.
#
# _Example:_ `name: GitHub scan ${{ github.sha }}`
#
# `api_token`
#
# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
#
# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
#
# `restart_scan`
#
# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
#
# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
#
# `discovery_types`
#
# **Required**. Array of discovery types. The following types are available:
# * `archive` - uses an uploaded HAR-file for a scan
# * `crawler` - uses a crawler to define the attack surface for a scan
# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
# If no discovery type is specified, `crawler` is applied by default.
#
# _Example:_
#
# ```yml
# discovery_types: |
# [ "crawler", "archive" ]
# ```
#
# `file_id`
#
# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
#
# _Example:_
#
# ```
# FILE_ID=$(nexploit-cli archive:upload \
# --token ${{ secrets.NEXPLOIT_TOKEN }} \
# --discard true \
# ./example.har)
# ```
#
# `crawler_urls`
#
# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
#
# _Example:_
#
# ```
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# ```
#
# `hosts_filter`
#
# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
#
# Outputs
#
# `url`
#
# Url of the resulting scan
#
# `id`
#
# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
#
# Example usage
#
# Start a new scan with parameters
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# discovery_types: |
# [ "crawler", "archive" ]
# crawler_urls: |
# [ "http://vulnerable-bank.com" ]
# file_id: LiYknMYSdbSZbqgMaC9Sj
# hosts_filter: |
# [ ]
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
# ```
#
# Restart an existing scan
#
# ```yml
# steps:
# - name: Start Nexploit Scan
# id: start
# uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
# with:
# api_token: ${{ secrets.NEXPLOIT_TOKEN }}
# name: GitHub scan ${{ github.sha }}
# restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
# - name: Get the output scan url
# run: echo "The scan was started on ${{ steps.start.outputs.url }}"
name: "NeuraLegion"
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '30 0 * * 4'
jobs:
neuralegion_scan:
runs-on: ubuntu-18.04
name: A job to run a Nexploit scan
steps:
- uses: actions/checkout@v2
- name: Start Nexploit Scan 🏁
id: start
uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
with:
api_token: ${{ secrets.NEURALEGION_TOKEN }}
name: GitHub scan ${{ github.sha }}
discovery_types: |
[ "crawler" ]
crawler_urls: |
[ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan