Pynt on CI/CD

Integrate Pynt seamlessly into your CI/CD pipeline! Explore our onboarding guide for insights on using Pynt effectively in continuous integration and deployment workflows.
Integrating API security testing into your CI/CD pipeline using the pynt newman or pynt command is simple and straightforward. This page provides integration examples for GitHub, GitLab and Jenkins pipelines.
To set up Pynt in your CI/CD pipeline, follow these steps:
  1. Using the Pynt CLI on your machine, run:
     pynt pynt-id
     (You will be asked to log in the first time you run Pynt.)
How to get your Pynt-ID
GitHub

  • Copy your Pynt ID into a secret in your CI/CD environment, for example in GitHub:
Add pynt-id to a GitHub secret
  • Add Pynt to your workflow; see the following example of a job in a GitHub workflow that runs Pynt on our goat vulnerable application:
```yaml
name: Example pynt yml
on:
  workflow_dispatch:
    inputs:
      comment:
        type: string
        default: "API Security tests"
env:
  # The secret holds the value printed by `pynt pynt-id`
  PYNT_CREDENTIALS: ${{ secrets.YOURPYNTID }}
jobs:
  api-security:
    runs-on: ubuntu-latest
    steps:
      - name: install pynt cli
        run: |
          python3 -m pip install --upgrade pyntcli
      - name: get goat collection
        run: |
          curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json
      - name: run pynt with newman integration
        # --return-error=errors-only makes the job fail only when Pynt reports errors
        run: |
          pynt newman --collection goat.json --reporters --return-error=errors-only
```
GitLab

  • Copy your Pynt ID into a CI/CD variable in your GitLab project: Settings -> CI/CD -> Variables
Add Pynt-ID to a GitLab variable
  • Add Pynt to your workflow; see the following example of a job in a GitLab workflow that runs Pynt on our goat vulnerable application:
```yaml
stages:
  - pynt

pynt-api-security:
  # Use the official docker image.
  image: docker
  stage: pynt
  services:
    - docker:dind
  before_script:
    - apk add --update curl && rm -rf /var/cache/apk/*
    - apk add --update python3
    - python3 -m ensurepip --default-pip
  variables:
    SHARED_PATH: /builds/shared/$CI_PROJECT_PATH
  script:
    # create shared folder
    - mkdir -p ${SHARED_PATH}
    # pynt should run from ${SHARED_PATH} context.
    - cd ${SHARED_PATH}
    # set $PYNT_CREDENTIALS environment variable from the GitLab CI/CD variable 'pyntid'
    - export PYNT_CREDENTIALS=$pyntid
    # get collection to test
    - curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json --output goat.json
    # install pyntcli
    - python3 -m pip install pyntcli
    # run pynt security scan against goat.json collection
    - pynt newman --collection ${SHARED_PATH}/goat.json --reporters --return-error=errors-only
    # results, both html and json, will be created at ${SHARED_PATH}: ${SHARED_PATH}/pynt_results.json, ${SHARED_PATH}/pynt_results.html
    - cat ${SHARED_PATH}/pynt_results.json
```
Jenkins

Add pynt-id to the Jenkins environment variables:
An example of a Jenkins job running pynt newman against the goat collection:
```bash
echo "Pynt API Security testing"
# Using venv is a good practice
python3 -m venv myenv
. myenv/bin/activate
pip install pyntcli
export PATH=$PATH:/var/lib/jenkins/.local/lib/python3.10/site-packages
# PYNT_CREDENTIALS is expected to be set as a Jenkins environment variable (see above)
curl https://raw.githubusercontent.com/pynt-io/pynt/main/goat_functional_tests/goat.postman_collection.json -o goat.json
# No --return-error flag here, so the job does not fail on findings (see next section)
pynt newman --collection goat.json --reporters
cat pynt_results.json
deactivate
```

Controlling the return code from Pynt

pynt newman and pynt command have an optional flag, --return-error.
With this flag, you have granular control over whether Pynt returns a non-zero error code in the event of findings. Use it to control when Pynt will break the CI/CD run. Allowed values are:
  • all-findings (fail on warnings or errors)
  • errors-only (fail on errors only)
  • never (default; findings never change the exit code)
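The three --return-error policies above are the only gate the CLI offers. The following script is an added example, not part of the Pynt documentation or the pyntcli project: it reproduces the same three policies over a saved results file so a pipeline step after the scan can apply the gate (or a stricter custom one, such as ignoring findings already accepted by the team, which goes beyond what the page describes). The real pynt_results.json schema is not shown on this page, so the script assumes a hypothetical layout: a top-level "findings" list whose items carry "name" and "severity" ("error" or "warning"). The SAMPLE_RESULTS document is constructed for illustration; adjust load_findings() to the real schema before using it.

```python
"""Added example: post-scan gate mirroring Pynt's --return-error policies.
ASSUMPTION: the results schema below is hypothetical, not the real
pynt_results.json layout, which this page does not show."""
import json
import sys

# Policy values documented for --return-error
POLICIES = ("all-findings", "errors-only", "never")

# Constructed sample standing in for pynt_results.json (hypothetical schema)
SAMPLE_RESULTS = json.dumps({
    "findings": [
        {"name": "Missing rate limiting", "severity": "warning"},
        {"name": "Broken object level authorization", "severity": "error"},
    ]
})


def load_findings(raw_json):
    """Return the findings list from a results document.
    ASSUMPTION: a top-level "findings" key (hypothetical)."""
    doc = json.loads(raw_json)
    return doc.get("findings", [])


def severity_counts(findings):
    """Count findings by severity; anything not 'error' counts as a warning."""
    counts = {"error": 0, "warning": 0}
    for finding in findings:
        key = "error" if finding.get("severity") == "error" else "warning"
        counts[key] += 1
    return counts


def exit_code_for(findings, policy="never"):
    """Map findings and a policy to a process exit code, mirroring --return-error:
    'all-findings' fails on any warning or error, 'errors-only' fails on errors,
    'never' (the default) always returns 0."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}; expected one of {POLICIES}")
    counts = severity_counts(findings)
    if policy == "never":
        return 0
    if policy == "errors-only":
        return 1 if counts["error"] else 0
    return 1 if (counts["error"] or counts["warning"]) else 0


def gate(raw_json, policy="never", accepted=()):
    """Apply the policy to a results document, skipping findings whose name is
    in `accepted` (a team-maintained allow-list; this extension is not part of
    the CLI). Returns (exit_code, counts of the findings that were gated)."""
    findings = [f for f in load_findings(raw_json) if f.get("name") not in accepted]
    return exit_code_for(findings, policy), severity_counts(findings)


if __name__ == "__main__":
    # usage: python pynt_gate.py [pynt_results.json] [all-findings|errors-only|never]
    path = sys.argv[1] if len(sys.argv) > 1 else "pynt_results.json"
    policy = sys.argv[2] if len(sys.argv) > 2 else "never"
    with open(path, encoding="utf-8") as fh:
        code, counts = gate(fh.read(), policy)
    print(f"errors={counts['error']} warnings={counts['warning']} "
          f"policy={policy} exit={code}")
    sys.exit(code)
```

Run it as the step right after `cat pynt_results.json` in any of the three pipelines; its non-zero exit breaks the run under the same conditions the CLI flag would, while keeping the decision in a script the team can review and extend.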