🔘 Pynt as a Standalone Container

Run Pynt as a standalone container without the CLI for isolated and scalable API security testing. Ensure consistent and efficient protection across your development environments.

🚀 At a Glance: Pynt's standalone container mode allows you to run the Pynt container without the CLI, making it ideal for systems like Kubernetes or container orchestration platforms. In this mode, you control Pynt through its APIs and route HTTP traffic through the container for security testing.


Standalone container mode

Pynt container can run without the CLI, facilitating its use in various deployment scenarios beyond traditional Docker-based environments. This mode is particularly useful for systems leveraging Kubernetes or similar container orchestration platforms.

This mode follows the same flow as the Pynt CLI command, but here the user is required to run the Pynt container themselves, control it through its APIs, and route the HTTP traffic through the container.

There are two steps needed for this integration:

Run the Pynt Container: This involves setting up and running the Pynt container. Pynt can operate as a stand-alone server, as long as it is set up correctly.

Control via APIs & Route HTTP Traffic: After deploying the Pynt container, you will need to manage it through its APIs. Additionally, route your HTTP traffic through the container to have Pynt scan the traffic.


How to run the Pynt container

Image:

  • ghcr.io/pynt-io/pynt:v1-latest

Ports:

  • 6666 - Pynt proxy port

  • 5001 - port for API commands to Pynt server

Environment variables:

  • PYNT_ID="$PYNT_ID" - Pynt credentials; see the Pynt documentation for how to obtain them

  • PYNT_SAAS_URL="https://api.pynt.io/v1" - Pynt Platform's URL

Here is an example of running the Pynt server using Docker:

    docker run -e PYNT_ID="$PYNT_ID" -p 6666:6666 -p 5001:5001 --rm ghcr.io/pynt-io/pynt:v1-latest proxy

How to control Pynt container

Once the Pynt container is running in your environment, run the Pynt scan by following these steps:

  1. Set a few environment variables pointing to the container (or to your local machine when exposing the ports):

    export PYNT_SERVER_BASE=http://127.0.0.1
    export PYNT_SERVER_URL=$PYNT_SERVER_BASE:5001

  2. To activate the Pynt proxy, make a call to the /api/proxy/start endpoint. Once activated, Pynt will listen on port 6666 for incoming traffic. For example, you can use curl as follows:

    scan_output=$(curl -X PUT $PYNT_SERVER_URL/api/proxy/start)

  3. Run your functional tests through the Pynt proxy. Pynt will read and analyze the traffic. For example, using Python Pytest:

    export HTTP_PROXY=$PYNT_SERVER_BASE:6666
    export HTTPS_PROXY=$PYNT_SERVER_BASE:6666
    pytest goat.py

  4. To start a Pynt scan, call the /api/proxy/stop endpoint, providing the scanId in the message body (the JSON returned by /api/proxy/start already contains it). For example, you can use the following curl command:

    curl -X PUT $PYNT_SERVER_URL/api/proxy/stop -d "$scan_output" -H "Content-Type: application/json"

  5. Optionally, you can pass the Application ID and Test Name for improved management of this scan in the Pynt platform. For example:

    scanId=$(echo "$scan_output" | jq -r .scanId)
    applicationId=xxxx
    testName="My Test Name"
    json_payload=$(printf '{"scanId": "%s", "applicationId": "%s", "testName": "%s"}' "$scanId" "$applicationId" "$testName")
    curl -X PUT $PYNT_SERVER_URL/api/proxy/stop -d "$json_payload" -H "Content-Type: application/json"

  6. To retrieve the report, send repeated requests (poll) to the /api/report endpoint, including the scan ID as a query parameter. A status code of 202 indicates the scan is still running, while a 200 status code signifies that the scan is complete and the HTML report is included in the response body. For example:

    scanId=$(echo "$scan_output" | jq -r .scanId)
    temp_output=$(mktemp)   # file that receives the HTML report once the scan completes
    status_code=$(curl -o "$temp_output" -s -w "%{http_code}\n" "$PYNT_SERVER_URL/api/report?scanId=$scanId")
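The same six-step flow as a small Python client, added here as a worked example (not Pynt's own code or SDK): it wraps /api/proxy/start, /api/proxy/stop and the 202/200 polling of /api/report, with the polling bounded so a CI job cannot hang forever. It assumes the ports and endpoints listed above and that the start and stop endpoints answer with a 2xx status on success; the `request` parameter is only there so the transport can be swapped out.

```python
import json
import os
import time
import urllib.request
from urllib.error import HTTPError

PYNT_SERVER_BASE = os.environ.get("PYNT_SERVER_BASE", "http://127.0.0.1")
API_URL = f"{PYNT_SERVER_BASE}:5001"    # port for API commands to the Pynt server
PROXY_URL = f"{PYNT_SERVER_BASE}:6666"  # Pynt proxy port (set HTTP_PROXY/HTTPS_PROXY to this)

def http_request(method, url, body=None):
    """Default transport: returns (status_code, response_text); non-2xx bodies are kept."""
    req = urllib.request.Request(url, method=method, data=body and body.encode(),
                                 headers={"Content-Type": "application/json"} if body else {})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except HTTPError as err:
        return err.code, err.read().decode()

def start_proxy(request=http_request):
    """PUT /api/proxy/start; the JSON reply carries the scanId (2xx on success is assumed)."""
    status, text = request("PUT", f"{API_URL}/api/proxy/start")
    if status // 100 != 2:
        raise RuntimeError(f"proxy start failed: {status} {text}")
    return json.loads(text)["scanId"]

def stop_proxy(scan_id, application_id=None, test_name=None, request=http_request):
    """PUT /api/proxy/stop ends capture and starts the scan; optional fields only when given."""
    payload = {"scanId": scan_id}
    if application_id:
        payload["applicationId"] = application_id
    if test_name:
        payload["testName"] = test_name
    status, text = request("PUT", f"{API_URL}/api/proxy/stop", json.dumps(payload))
    if status // 100 != 2:
        raise RuntimeError(f"proxy stop failed: {status} {text}")
    return payload

def wait_for_report(scan_id, request=http_request, max_polls=120, interval=5, sleep=time.sleep):
    """Poll GET /api/report?scanId=...: 202 = still scanning, 200 = HTML report in the body."""
    for _ in range(max_polls):
        status, text = request("GET", f"{API_URL}/api/report?scanId={scan_id}")
        if status == 200:
            return text
        if status != 202:
            raise RuntimeError(f"report request failed: {status} {text}")
        sleep(interval)  # 202: scan still running, wait before polling again
    raise TimeoutError(f"scan {scan_id} still running after {max_polls * interval}s")
```

Chain them as `scan_id = start_proxy()`, run the functional tests with HTTP_PROXY and HTTPS_PROXY set to PROXY_URL, then `stop_proxy(scan_id, application_id=...)` and `html = wait_for_report(scan_id)`.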

Example: Pynt with Kubernetes


💡 Still Need Help? For any questions or troubleshooting, reach out to the Pynt Community Support.
