Skip to content

Escape - API Security

Actions
Secure your application using Escape.tech
v0.5.0
Latest
By Escape-Technologies
Verified creator
Star (3)

Tags

 (2)
continuous-integrationsecurity

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

Escape.tech / Action

Run Escape directly in Github actions !

Using this action will allow you to start a security scan for a REST, GraphQL, or Frontend application on the Escape platform.

We recommend providing these values as Encrypted secrets.

image

Setup

This action requires an application ID and an API key to be provided.

You can find theses values in your Escape application settings.

image

Required arguments

  • application_id: The id of the application on Escape, that will be scanned continuously
  • api_key: Your API key on the Escape platform

Optional

  • r: This option allows you to include remediations in the report. The report will be printed to the console, and will include the remediations for any security tests that failed.
  • timeout: The maximum time in seconds to wait for the scan to complete. Default is 1200 seconds.
  • configuration_override: A JSON override of the scan configuration. See the docs on configuration overrides
  • configuration_override_path: Loads configuration_override from a file. See the docs on configuration overrides
  • introspection_file: The relative path to a JSON file containing an introspection response for updating the application's introspection on Escape. See the docs on introspection update
  • schema_file: The relative path to a GraphQL schema file for updating the application's introspection on Escape. See the docs on introspection update
  • schema_url: The url to a GraphQL schema file for updating the application's introspection on Escape. See the docs on introspection update
  • fail_on_severities: A csv-delimited list of severities to fail on, can be HIGH, MEDIUM, LOW, INFO. See the docs from the cli
  • fail_on_compliance: A JSON string to define exact controls in an array (or all of them with *), per compliance framework supported. See the docs from the cli

Usage example

on:
  push:
    branches:
      - main
jobs:
  Escape:
    runs-on: ubuntu-latest
    steps:
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          # timeout: 1200 (default - in seconds) (use 0 for non blocking pipelines)

Contributors (6)

@LMaxence@Nadran20@Gby56@nohehf@iCarossio@panthajds

Resources

Escape - API Security is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

About

Secure your application using Escape.tech
v0.5.0
Latest
By Escape-Technologies

Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

Tags

 (2)
continuous-integrationsecurity

Contributors (6)

@LMaxence@Nadran20@Gby56@nohehf@iCarossio@panthajds

Resources

Escape - API Security is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.