🔘Pynt for GitHub Actions

Integrate Pynt with GitHub Actions for automated API security testing. Enhance your CI/CD pipeline by adding Pynt’s robust security scans to your GitHub Actions workflows.

What is GitHub Actions?

💡 GitHub Actions allows you to automate workflows for building, testing, and deploying code. With native integration into GitHub repositories, you can trigger workflows based on events like pushes, pull requests, and schedule automation tasks.


Pynt's integration with GitHub Actions

As part of its API security testing, Pynt allows seamless integration with GitHub Actions.

Pynt for GitHub Actions enables you to seamlessly integrate powerful API security testing into your GitHub Actions CI/CD pipelines. By incorporating Pynt into your GitHub Actions workflows, you can automate comprehensive security scans with every build, ensuring that your APIs are protected from vulnerabilities throughout the development process. Pynt’s integration with GitHub Actions is designed to be straightforward, allowing you to enhance your security posture without disrupting your existing CI/CD practices.


GitHub Actions Configuration

  • Copy your Pynt ID into action secrets in your GitHub:

  • Make sure Python installed on the agent.

  • Add Pynt to your workflow, see the following example of a job in a Github workflow that runs Pynt on our goat vulnerable application:

name: Example pynt yml 
on: 
  workflow_dispatch:
    inputs: 
      comment: 
        type: string 
        default: "API Security tests"

env:
  PYNT_ID: ${{ secrets.YOURPYNTID }}

jobs:
 api-security:
  runs-on: ubuntu-latest

  steps: 
    - name: install pynt cli
      run: | 
        python3 -m pip install --upgrade pyntcli 
    - name: get goat collection 
      run: | 
        curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json 
    - name: run pynt with newman integration 
      run: | 
        pynt newman --collection goat.json --reporters --return-error=errors-only

Controlling the return code from Pynt

pynt newman and pynt command have an optional flag --return-error

With this flag, you have granular control over whether Pynt returns an error code (non zero) in the event of findings. Use this flag to control when Pynt will break the CI/CD run, allowed values are:

'all-findings' (warnings or errors),
'errors-only',
'never' (default

💡 Need Help? For any questions or troubleshooting, reach out to the Pynt Community Support.

Last updated