GitHub: Public Scan (BACKUP)

In this tutorial, you’ll learn how to integrate NightVision DAST scans into your CI/CD pipelines to automatically find exploitable vulnerabilities within minutes.

  1. Once you run your first Public Web App Scan or Public API Scan, this creates the App and Target objects needed for scanning.
  2. Create a NIGHTVISION_TOKEN secret by clicking the Generate API token button under your profile:

  3. Add this NIGHTVISION_TOKEN secret to the GitHub repository secrets.

  4. Add a .github/workflows/nightvision.yaml pipeline file to any GitHub repository:
```yaml
name: Test Case - Testphp and Temp-fe
on:
  push:
  workflow_dispatch:
  # schedule:
  #   - cron: '0 5 * * 1'
env:
  NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }}
jobs:
  test:
    permissions:
      security-events: write
    runs-on: ubuntu-latest
    steps:
      - name: (1) Clone Code
        uses: actions/checkout@v3
      - name: (2) Install NightVision
        run: |
          wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - | tar -xz; sudo mv nightvision /usr/local/bin/
          python -m pip install semgrep --user
      - name: (3) Scan the Public Web App
        run: |
          nightvision scan -t testphp -a Default_Application
      - name: (4) Scan the Public API
        run: |
          nightvision scan -t temp-fe -a Default_Application
```

  5. To trigger this pipeline regularly for automatic scan coverage, add a schedule (this one runs every Monday at 05:00 UTC):

```yaml
name: Test Case - Testphp
on:
  push:
  workflow_dispatch:
  schedule:
    - cron: '0 5 * * 1'
```

Advanced Topic: Repository Security Alerts

If you can generate an openapi-spec.yml file using our API Envy Tool, you can add security alerts to this pipeline. To add GitHub security alerts for API applications, add the following to your pipeline file. Compared with the workflow above, the additions are the `nightvision export sarif` command in step (4) and the new steps (5) and (6); the `security-events: write` permission already present in the job is what allows step (6) to upload the SARIF file:

```yaml
name: Test Case - Testphp and Temp-fe
on:
  push:
  workflow_dispatch:
  # schedule:
  #   - cron: '0 5 * * 1'
env:
  NIGHTVISION_TOKEN: ${{ secrets.NIGHTVISION_TOKEN }}
jobs:
  test:
    permissions:
      security-events: write
    runs-on: ubuntu-latest
    steps:
      - name: (1) Clone Code
        uses: actions/checkout@v3
      - name: (2) Install NightVision
        run: |
          wget -c https://downloads.nightvision.net/binaries/latest/nightvision_latest_linux_amd64.tar.gz -O - | tar -xz; sudo mv nightvision /usr/local/bin/
          python -m pip install semgrep --user
      - name: (3) Scan the Public Web App
        run: |
          nightvision scan -t testphp -a Default_Application
      - name: (4) Scan the Public API
        run: |
          # capture the scan output; the first line is used as the scan id below
          nightvision scan -t temp-fe -a Default_Application > scan-results.txt
          nightvision export sarif -s "$(head -n 1 scan-results.txt)" --swagger-file openapi-spec.yml
      - name: (5) Upload sarif documentation artifact
        uses: actions/upload-artifact@v3
        with:
          name: results.sarif
          path: results.sarif
          retention-days: 30
      - name: (6) Upload SARIF file to GitHub Security Alerts if vulnerabilities are found
        uses: github/codeql-action/upload-sarif@v2
        if: success()
        with:
          sarif_file: results.sarif
```
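Two details of step (4) and step (6) are worth a check in practice. `head -n 1 scan-results.txt` passes whatever the first line of the scan output is straight into `export sarif -s`, so an empty or unexpected first line silently produces a bad export; and `if: success()` runs step (6) whenever the earlier steps succeeded, regardless of whether the SARIF file actually contains findings. The helper below is an added example, not NightVision's code or part of this page's workflow: it extracts the scan id the same way the workflow does but refuses to continue on blank output, and it inspects the exported SARIF so the upload can be gated on real results or the build failed on a severity threshold. It assumes, as the workflow above does, that the first line of `nightvision scan` output is the scan id, and that the export follows the SARIF 2.1.0 layout (`runs[].results[].level`); the file name `sarif_gate.py`, the rule ids and the sample SARIF document are constructed for the example.

```python
# Added example (not NightVision's code): helper for the workflow's run steps.
# Hypothetical file name: sarif_gate.py
import json
import sys
from pathlib import Path

# SARIF 2.1.0 result levels, lowest to highest. A result that omits "level"
# defaults to "warning" per the specification.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}
DEFAULT_LEVEL = "warning"


def scan_id_from_output(text: str) -> str:
    """Return the scan id from captured scan output (its first line), or raise.

    Mirrors `head -n 1 scan-results.txt` but rejects a blank or multi-token
    first line, so `export sarif -s ""` never runs against a missing id.
    """
    first = text.split("\n", 1)[0].strip()
    if not first or len(first.split()) != 1:
        raise ValueError("scan output did not start with a scan id: %r" % first)
    return first


def results_by_level(sarif: dict) -> dict:
    """Count SARIF results per level across all runs in the document."""
    counts = {}
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            level = result.get("level", DEFAULT_LEVEL)
            counts[level] = counts.get(level, 0) + 1
    return counts


def total_results(sarif: dict) -> int:
    return sum(results_by_level(sarif).values())


def should_upload(sarif: dict) -> bool:
    """True when the export contains at least one finding worth an alert."""
    return total_results(sarif) > 0


def exceeds_threshold(sarif: dict, fail_on: str) -> bool:
    """True when any result is at or above `fail_on` ("note", "warning", "error")."""
    floor = LEVEL_RANK[fail_on]
    return any(
        LEVEL_RANK.get(level, LEVEL_RANK[DEFAULT_LEVEL]) >= floor
        for level in results_by_level(sarif)
    )


# Constructed sample in SARIF 2.1.0 shape; not real NightVision output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [
        {
            "tool": {"driver": {"name": "example-dast"}},
            "results": [
                {"ruleId": "EXAMPLE-001", "level": "error",
                 "message": {"text": "constructed high-severity finding"}},
                {"ruleId": "EXAMPLE-002", "level": "warning",
                 "message": {"text": "constructed medium-severity finding"}},
                {"ruleId": "EXAMPLE-003",
                 "message": {"text": "constructed finding with level omitted"}},
            ],
        }
    ],
}


def main(argv) -> int:
    """CLI used from a run step.

    scan-id <output-file>         print the scan id (exit 1 if none found)
    gate <sarif-file>             exit 0 if there is something to upload, else 1
    check <sarif-file> <level>    exit 1 if any result is at or above <level>
    """
    if len(argv) == 2 and argv[0] == "scan-id":
        print(scan_id_from_output(Path(argv[1]).read_text()))
        return 0
    if len(argv) >= 2 and argv[0] in ("gate", "check"):
        sarif = json.loads(Path(argv[1]).read_text())
        print("results by level:", results_by_level(sarif), file=sys.stderr)
        if argv[0] == "gate":
            return 0 if should_upload(sarif) else 1
        fail_on = argv[2] if len(argv) > 2 else "error"
        return 1 if exceeds_threshold(sarif, fail_on) else 0
    print("usage: sarif_gate.py scan-id <file> | gate <sarif> | check <sarif> [none|note|warning|error]", file=sys.stderr)
    return 64


if __name__ == "__main__":
    try:
        sys.exit(main(sys.argv[1:]))
    except ValueError as exc:
        print(exc, file=sys.stderr)
        sys.exit(1)
```

To wire it into the workflow, give step (4) an `id: scan`, replace `$(head -n 1 scan-results.txt)` with `$(python3 sarif_gate.py scan-id scan-results.txt)`, and append `if python3 sarif_gate.py gate results.sarif; then echo "has_findings=true" >> "$GITHUB_OUTPUT"; fi` to its run block; step (6) can then use `if: steps.scan.outputs.has_findings == 'true'` instead of `if: success()`, which makes the step do what its name says. A separate `python3 sarif_gate.py check results.sarif error` step after the upload fails the pipeline on error-level findings while still leaving the alerts in the Security tab.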