RFP.2.1 demo: PR-triggered scan, advisory only (no gate) #1
dave-apisec wants to merge 10 commits into
Demonstrates RFP.2.1 — PR-triggered scan with runner isolation and secret-based credential handling. Thresholds set to 999 so the pipeline passes regardless of findings (scan-pass demo branch).
Replaces Docker container with a direct POST to /v1/applications/{id}/instances/{id}/scan — demonstrates RFP.2.1 PR-triggered scanning and secret-based credential handling.
Workflow always passes; findings visible in APIsec dashboard only.
APIsec API Security Scan: ❌ Failed to trigger APIsec scan — check the Actions log for details.
APIsec API Security Scan: ✅ Scan triggered successfully — View results in APIsec →
What this demonstrates
RFP.2.1 — Scan triggered automatically on pull request open/update.
ubuntu-latest: GitHub-hosted VM (destroyed after run)
APISEC_TOKEN: stored as a GitHub Secret — masked in all logs, never touches disk
POST /v1/applications/{id}/instances/{id}/scan: directly via the APIsec REST API
Expected result: ✅ Check passes. PR comment includes a direct link to the scan in APIsec.
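An added example of a GitHub Actions workflow matching the setup described above (PR trigger, ephemeral ubuntu-latest runner, token from a secret, direct POST to the scan endpoint, step always exits 0); it is not the workflow file from this PR. The APISEC_BASE_URL, APISEC_APP_ID and APISEC_INSTANCE_ID repository variables and the `Authorization: Bearer` header format are assumptions, not taken from the page.

```yaml
# Added example (not the PR's own workflow): PR-triggered APIsec scan, advisory only.
# Assumptions: repository variables APISEC_BASE_URL, APISEC_APP_ID, APISEC_INSTANCE_ID
# exist, and the API accepts "Authorization: Bearer <token>".
name: APIsec API Security Scan

on:
  pull_request:
    types: [opened, synchronize, reopened]   # RFP.2.1: fire on PR open/update

permissions:
  contents: read
  pull-requests: write   # needed only to post the result comment

jobs:
  apisec-scan:
    runs-on: ubuntu-latest   # ephemeral GitHub-hosted VM, destroyed after the run
    env:
      APISEC_TOKEN: ${{ secrets.APISEC_TOKEN }}   # masked in logs; only ever sent in a header
      SCAN_URL: ${{ vars.APISEC_BASE_URL }}/v1/applications/${{ vars.APISEC_APP_ID }}/instances/${{ vars.APISEC_INSTANCE_ID }}/scan
    steps:
      - name: Trigger scan
        id: trigger
        run: |
          # The token is never echoed or written to disk; the response body is
          # kept only so the Actions log can be inspected on failure.
          http_status=$(curl -sS -o /tmp/scan-response.json -w '%{http_code}' \
            -X POST \
            -H "Authorization: Bearer ${APISEC_TOKEN}" \
            -H "Content-Type: application/json" \
            "${SCAN_URL}") || true
          echo "status=${http_status}" >> "$GITHUB_OUTPUT"
          # No gate: this step exits 0 whatever the API returned. Findings and
          # any threshold evaluation live in the APIsec dashboard, not in CI.
      - name: Comment on PR
        uses: actions/github-script@v7
        env:
          STATUS: ${{ steps.trigger.outputs.status }}
        with:
          script: |
            const ok = (process.env.STATUS || '').startsWith('2');
            const body = ok
              ? '✅ Scan triggered successfully; view results in APIsec.'
              : '❌ Failed to trigger APIsec scan; check the Actions log for details.';
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body,
            });
```

Because nothing here fails the check, a reviewer sees only the "triggered" comment; the scan's findings are visible only in the APIsec dashboard, which is what "advisory only (no gate)" means for this branch.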