Mayhem for API ❤️ GitHub Code Scanning: Seamless DevSecOps for your REST APIs

Alex Rebert
April 13, 2021
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

The central tool to develop software as a team is a Source Code Management system like GitHub. This is where developers manage changes to their code: creating Pull Requests, discussing their changes with their team, and ensuring the pipelines are green. An additional Github feature that has proven useful to developers is GitHub Code Scanning. GitHub code Scanning became widely available in September of 2020 and allows developers to easily identify vulnerabilities in code prior to production. GitHub Actions are automatically integrated with Code Scanning allowing teams to automate workflows and scan code as it’s produced.

Github Code Scanning integration with Mayhem for API

One of Mayhem for API’s guiding principles is to seamlessly integrate into existing developer ecosystems. We integrated Mayhem for API with GitHub from Day 1. For instance, you can sign up to our service with your GitHub account. Our GitHub App enables Mayhem for API to add GitHub Checks directly in your Pull Request.

GitHub Code Scanning Integration for API Testing

To enhance the capabilities of Code Scanning, we’re announcing that Mayhem for API is now natively integrated with GitHub Code Scanning. This integration will help developers and teams keep their APIs reliable, fast, and secure without slowing down their productivity. We are releasing a GitHub Action that integrates with GitHub Code Scanning, and enables Mayhem for API to be effortlessly added to your GitHub workflows. Not using GitHub Actions? Our CLI allows you to upload findings to GitHub Code Scanning from any CI! You can even upload findings to an on-premise Enterprise GitHub instance.

With the launch of GitHub code scanning support, we’re happy to further embed our results where you want them: in your PRs before your changes get deployed to production.

Testing APIs through GitHub Code Scanning

Mayhem for API issue, in your PR

Mayhem for API results are converted into GitHub code scanning alerts, allowing you to manage the findings and see their history:

Mayhem for API results show as GitHub code scanning alerts

By clicking on the details of a finding, developers will get helpful information to fix the issue, including the HTTP request that triggered the issue, as well as the response generated by the API. In addition, Mayhem for API provides clear remediation advice to help you understand and fix the issue without delay.

If you want to give it a shot, sign up for our free 30-day trial and checkout our github action: https://github.com/ForAllSecure/mapi-action.

{{code-cta}}

Share this post

How about some Mayhem in your inbox?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem