Run Escape directly in GitHub Actions!
Using this action will allow you to start a security scan for a GraphQL application on the Escape platform.
This action requires an application ID and an API key to be provided.
You can find these values in your Escape application settings.
We recommend providing these values as Encrypted secrets.
application_id
: The ID of the application on Escape that will be scanned continuously.
api_key
: Your API key on the Escape platform.
r
: This option allows you to include remediations in the report. The report will be printed to the console, and will include the remediations for any security tests that failed.
timeout
: The maximum time in seconds to wait for the scan to complete. Default is 1200 seconds.
configuration_override
: A JSON override of the scan configuration. See the docs on configuration overrides.
configuration_override_path
: Loads configuration_override from a file. See the docs on configuration overrides.
introspection_file
: The relative path to a JSON file containing an introspection response for updating the application's introspection on Escape. See the docs on introspection update.
schema_file
: The relative path to a GraphQL schema file for updating the application's introspection on Escape. See the docs on introspection update.
schema_url
: The URL of a GraphQL schema file for updating the application's introspection on Escape. See the docs on introspection update.
fail_on_severities
: A comma-separated list of severities to fail on. Can be HIGH, MEDIUM, LOW, INFO. See the docs from the CLI.
fail_on_compliance
: A JSON string to define exact controls in an array (or all of them with *), per compliance framework supported. See the docs from the CLI.
on:
  push:
    branches:
      - main
jobs:
  Escape:
    runs-on: ubuntu-latest
    steps:
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          # timeout: 1200 (default - in seconds) (use 0 for non blocking pipelines)
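
The following workflow is an added example, not taken from the Escape documentation. It combines several of the inputs listed above into a scan that gates the pipeline on severity and refreshes the schema from the repository. The workflow name, the pull_request trigger, the checkout step, the permissions block and the schema path schema.graphql are assumptions.

```yaml
# Added example: values marked "assumed" are not from the Escape docs.
name: escape-scan                      # assumed workflow name
on:
  push:
    branches:
      - main
  pull_request:                        # assumed trigger
    branches:
      - main
    # Repository secrets are not passed to runs triggered from forks,
    # so the scan step cannot authenticate on fork pull requests.

permissions:
  contents: read                       # the job only needs to read the repository

jobs:
  escape:
    runs-on: ubuntu-latest
    steps:
      # schema_file is a relative path, so the file has to exist on the runner:
      # check the repository out before the scan step.
      - name: Checkout
        uses: actions/checkout@v4
      - name: Escape Scan
        uses: Escape-Technologies/action@v0
        with:
          # Credentials come from encrypted secrets, never from literals in the file.
          application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
          api_key: ${{ secrets.ESCAPE_API_KEY }}
          schema_file: schema.graphql  # assumed path, relative to the repository root
          fail_on_severities: HIGH,MEDIUM
          timeout: 1200                # seconds (the default)
```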