Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Confirmation of endpoints scanned #172

Open
slaterx opened this issue Sep 27, 2024 · 6 comments
Open

Confirmation of endpoints scanned #172

slaterx opened this issue Sep 27, 2024 · 6 comments
Labels
enhancement New feature or request stale

Comments

@slaterx
Copy link

slaterx commented Sep 27, 2024

Hi team,

I am wondering, how can I get confirmation of the endpoints scanned when you scan with curl or openapi?

Our API has a lot of endpoints, and with the current output, I can't tell whether the tool found all endpoints and attempted to reach each:


echo "secret-token" | vulnapi scan openapi /tmp/swagger.json


| WELL-KNOWN PATHS | URL |
|------------------|-----|
| OpenAPI          | N/A |
| GraphQL          | N/A |


Congratulations! No issues were found.

| OPERATION | RISK LEVEL | CVSS 4.0 SCORE | OWASP | VULNERABILITY |
|-----------|------------|----------------|-------|---------------|

Needless to say that the swagger.json I am using is a valid swagger:

image

@emmanuelgautier emmanuelgautier added the enhancement New feature or request label Sep 28, 2024
@emmanuelgautier
Copy link
Member

Thanks for your feedback.

Adding more details about the performed scans could indeed be useful. My main concern is to provide a summary in the CLI output.

Perhaps the best approach would be to display only the number of endpoints checked and the number of scans performed. What do you think?

In the new version, there is also an option to export all the scans performed, including the skipped ones if this can fit your need as well.

@slaterx
Copy link
Author

slaterx commented Sep 30, 2024

If the export option is delivered, your proposal will be spot on because it provides quick feedback and allows the curious user to explore more on the exported output and the CI tooling to move along without cluttering the logs.

@emmanuelgautier
Copy link
Member

Perfect. The report file structure is still in its alpha, so breaking changes can still be made.

Please don't hesitate to provide feedback. We're currently having discussions on Discord to improve the structure, if you're interested.

@slaterx
Copy link
Author

slaterx commented Oct 2, 2024

well I am! how can I join it?

@emmanuelgautier
Copy link
Member

You can join it at this link: https://discord.gg/H88NSKQ6wA

Copy link

github-actions bot commented Dec 2, 2024

Hello contributors!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
If you believe this issue is still relevant, please comment with your thoughts or re-open it.

Thank you for your contributions! 🙏

@github-actions github-actions bot added the stale label Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request stale
Projects
None yet
Development

No branches or pull requests

2 participants