Azure DevOps Integration

In this guide we'll show you how to set up an Azure DevOps Pipeline so Mayhem can automatically test your API on every push.

Before you can run Mayhem in your Azure DevOps pipeline, complete the following steps:

  1. Create a Mayhem API token.
  2. Add the newly created token as a "Secret variable" named MAPI_TOKEN in the pipeline's variables.

Pipeline Configuration for Mayhem with Azure DevOps

Create an azure-pipelines.yml file to configure an Azure DevOps pipeline that scans your API and uploads a report as an artifact:

steps:
  - checkout: self
    clean: 'true'
    # Fetch a deep enough history to compute the merge base of branches with the
    # default branch.  Alternatively, set to "0" to fetch the entire history.
    fetchDepth: '50'

  # 1. Build and test your API

  # 2. Run the API in debug mode. Output stack traces for better error reporting.

  # 3. Run Mayhem against your API at localhost:8000
  #    Replace $(MAYHEM_URL) with your instance's URL, e.g., https://app.mayhem.security
  - script: |
      curl -Lo mapi $(MAYHEM_URL)/cli/mapi/linux-musl/latest/mapi \
        && chmod +x mapi

      ./mapi run azure-pipelines-example auto http://localhost:8000/openapi.json \
        --url 'http://localhost:8000' \
        --junit TEST-mapi.xml \
        --html mapi.html
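    env:
      # Secret variables are not exposed to scripts automatically; map the token in explicitly.
      MAPI_TOKEN: $(MAPI_TOKEN)
    # Let the job continue if this step fails so the report steps below still run.
    continueOnError: 'true'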
    displayName: Run Mayhem to check for vulnerabilities

  - task: PublishPipelineArtifact@1
    displayName: 'Publish Pipeline Artifact'
    inputs:
      path: 'mapi.html'
      artifact: mapi-html-report
    continueOnError: 'true'

  - task: PublishTestResults@2
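
Because the Mayhem step sets continueOnError, a failing scan does not stop the build; one way to fail the pipeline in a later step is to parse the JUnit file written by --junit. The script below is an added example, not part of the Mayhem documentation or CLI. It assumes the report follows the common JUnit layout (testcase elements with failure or error children); the script name mapi_gate.py, the function names and the sample XML are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the common JUnit layout; not real Mayhem output.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="constructed-sample" tests="3">
    <testcase classname="GET /items" name="check-a"/>
    <testcase classname="GET /items/{id}" name="check-b">
      <failure message="constructed failure">HTTP 500 with stack trace</failure>
    </testcase>
    <testcase classname="POST /items" name="check-c">
      <error message="constructed error">request timed out</error>
    </testcase>
  </testsuite>
</testsuites>"""


def failed_cases(xml_data):
    """Return (classname, name, kind, message) for each failed or errored testcase."""
    root = ET.fromstring(xml_data)
    found = []
    # iter() covers both a <testsuites> wrapper and a bare <testsuite> root.
    for case in root.iter("testcase"):
        for kind in ("failure", "error"):
            for node in case.findall(kind):
                found.append((case.get("classname", ""), case.get("name", ""),
                              kind, node.get("message", "")))
    return found


def gate(xml_data, max_allowed=0):
    """Return an exit code: 0 if the number of findings is within budget, else 1."""
    findings = failed_cases(xml_data)
    for classname, name, kind, message in findings:
        # Collapse whitespace so each finding stays on one log line.
        print(f"{kind}: {classname} {name}: {' '.join(message.split())}")
    print(f"{len(findings)} finding(s), {max_allowed} allowed")
    return 0 if len(findings) <= max_allowed else 1


if __name__ == "__main__":
    # In a later script step: python3 mapi_gate.py TEST-mapi.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sys.exit(gate(fh.read()))
    # Without a path, run against the constructed sample above.
    sys.exit(gate(SAMPLE_REPORT))
```

Run it in a script step placed after the publish tasks, without continueOnError, so the reports are uploaded before the job is marked failed.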

Live GitHub Example

A full working example is available on GitHub: azure-pipelines-example.