コンテンツにスキップ

CircleCI Integration

Circleci-logo

In this guide we'll show you how to set up a CircleCI Pipeline so Mayhem can automatically test your API on every push.

You will need the following to run Mayhem in your CircleCI pipeline:

  1. Create a Mayhem API token.
  2. Add the newly created token as an Environment Variable in the pipeline's context named MAPI_TOKEN

Pipeline Configuration for Mayhem with CircleCI

Testing your API is easy. First add the CircleCI Orb to your .circleci/config.yml file.

1
2
3
version: 2.1
orbs:
  mapi: forallsecure/mapi@1.0.0

Pipeline Hosted Service

Create a new job to scan your API and start your service. Then call the mapi/scan command to run Mayhem against your service and store any artifacts or test results at your desired location.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
jobs:
  mayhem-for-api:
    machine:
      image: ubuntu-2204:2022.07.1
    steps:
      # Start your service
      - run:
          command: start-service.sh &
      # Scan your API with Mayhem
      - mapi/scan:
          api-url: 'http://localhost:8000'
          api-spec: 'https://demo-api.mayhem.security/api/v3/openapi.json'
      - store_artifacts:
          path: /tmp/mapi
      - store_test_results:
          path: /tmp/mapi/junit.xml

Then add the new job to your workflow.

1
2
3
4
workflows:
  tests-and-security:
    jobs:
      - mayhem-for-api

Deployed Service

To test a service that is already deployed and not running as part of the build pipeline, use the mapi/scan job in your workflow. Mayhem should never be executed against production environments.

1
2
3
4
5
6
workflows:
  tests-and-security:
    jobs:
      - mapi/scan:
          api-url: 'https://your.staging.com/'
          api-spec: 'https://your.staging.com/openapi.json'