GitHub Actions

How to add Pynt into a GitHub action

  • Copy your Pynt ID into the Actions secrets in GitHub.

  • Add Pynt to your workflow. The following example shows a job in a GitHub workflow that runs Pynt on our goat vulnerable application:

name: Example pynt yml
on:
  workflow_dispatch:
    inputs:
      comment:
        type: string
        default: "API Security tests"

env:
  # Pynt ID read from the Actions secret; set here, it is visible to every job and step
  PYNT_ID: ${{ secrets.YOURPYNTID }}

jobs:
  api-security:
    runs-on: ubuntu-latest

    steps:
      - name: install pynt cli
        run: |
          python3 -m pip install --upgrade pyntcli
      - name: get goat collection
        run: |
          curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json
      - name: run pynt with newman integration
        run: |
          # return a non-zero exit code (failing the job) only for findings reported as errors
          pynt newman --collection goat.json --reporters --return-error=errors-only

Controlling the return code from Pynt

Both pynt newman and pynt command accept an optional flag, --return-error.

This flag gives you granular control over whether Pynt returns an error code (non-zero) in the event of findings. Use it to control when Pynt breaks the CI/CD run. Allowed values are:

'all-findings' (warnings or errors),
'errors-only',
'never' (default)
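
The following is an added example, not taken from the Pynt documentation, that picks the --return-error value from the workflow trigger: pull requests break only on errors, pushes to main break on any finding, and manual runs never break. The trigger list, the branch name main, the RETURN_ERROR variable, the permissions block and the step-level scoping of the secret are assumptions; the secret name, the collection and the pynt command line are the ones used above.

```yaml
# Added example: choose the --return-error mode from the workflow trigger.
name: Example pynt gate by trigger
on:
  pull_request:
  push:
    branches: [main]          # assumed default branch name
  workflow_dispatch:

permissions:
  contents: read              # GITHUB_TOKEN gets read-only access; nothing here needs to write

jobs:
  api-security:
    runs-on: ubuntu-latest
    env:
      # pull_request -> errors-only, push to main -> all-findings, manual run -> never
      RETURN_ERROR: ${{ github.event_name == 'pull_request' && 'errors-only' || github.event_name == 'push' && 'all-findings' || 'never' }}

    steps:
      - name: install pynt cli
        run: |
          python3 -m pip install --upgrade pyntcli
      - name: get goat collection
        run: |
          curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json
      - name: run pynt with newman integration
        env:
          # the secret is exposed to this step only, not to the install and download steps
          PYNT_ID: ${{ secrets.YOURPYNTID }}
        run: |
          pynt newman --collection goat.json --reporters --return-error="$RETURN_ERROR"
```

GitHub does not pass repository secrets to workflows triggered by pull requests from forks, so PYNT_ID is empty on those runs.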
