action.yaml

# action.yml
name: "42Crunch REST API Dynamic Security Testing Freemium"
description: "This action adds 42Crunch dynamic API security testing (DAST) to your workflows."
inputs:
  upload-to-code-scanning:
    description: "Upload results to Code Scanning Alerts"
    required: false
    default: "true"
  token:
    description: "Personal Access Token"
    default: ${{ github.token }}
  target-url:
    description: "The URL of the API deployment used by the scan. It must be a public URL or an internal URL accessible from the runner."
    required: true
  api-definition:
    description: "Filename of the API to scan, relative to the workspace root."
    required: true
  api-credential:
    description: "The API key or token required to invoke the API hosted at target-host - This value can come from a GitHub secret or dynamically obtained in a previous pipeline step."
    required: false
  log-level:
    description: "Log level"
    required: false
    default: "info"
  data-enrich:
    description: "Enrich the OpenAPI file leveraging the default data dictionary"
    required: false
    default: "false"
  sarif-report:
    description: "SARIF report"
    required: false
  scan-report:
    description: "Scan report file"
    required: false
  export-as-pdf:
    description: "Export the scan report as PDF"
    required: false
  enforce-sqg:
    description: "Enforce Security Quality Gate"
    required: false
    default: "false"

branding:
  icon: "eye"
  color: "purple"
runs:
  using: "docker"
  image: "Dockerfile"