API Test Patrol Setup

This article describes how to enable and configure Wallarm's API Test Patrol.

Enable

Wallarm's API Test Patrol is currently an early access feature under development; you can try the features that are currently available.

API Test Patrol is disabled by default. To enable:

  1. If you do not see the API Security Testing → API Test Patrol section in Wallarm Console, contact the Wallarm support team to enable it.

  2. Go to the API Test Patrol → Test policies tab and create at least one policy.

Configure test policies

A test policy persistently defines:

  • Application's OpenAPI specification

  • Tests to run

Besides persistent parameters, which are the same for every test run, each test policy may optionally include parameters that can be redefined on each test run (Runtime parameters). Redefining the runtime parameters can be useful when embedding the Docker run command into CI/CD pipelines:

  • Application's Target URL

    (although it can be redefined on each run, an initial value is required)

  • Authentication parameters

To configure a test policy:

  1. Go to Wallarm Console → API Security Testing → API Test Patrol → Test policies.

  2. Click Add policy and attach the OpenAPI specification file.

  3. Select test types to run.

  4. Set Target URL (can be re-defined dynamically during each test run).

  5. Optionally, add other Runtime parameters.

    API Test Patrol - creating test policy

You can edit previously created policies: clicking the policy itself opens its Docker command info, while the edit button opens the edit dialog:

API Test Patrol - editing test policy

Docker run

Once a test policy is created, it provides you with the Docker run command that starts the tests for your application:

  1. Go to Wallarm Console → API Security Testing → API Test Patrol → Test policies.

  2. Click your policy. The policy's Docker command will be displayed.

    API Test Patrol - test policy Docker command

  3. Copy the command and run it, or embed it into your CI/CD pipeline. This runs the security tests selected in the policy against your application.

    Remember that on each run you can redefine the -e parameters of the Docker run command that come from the Runtime parameters section of the policy.

  4. View run statistics and test run results on the Test runs tab.
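
An added example, not part of Wallarm's documentation: a shell helper for CI jobs that turns selected "-e NAME=value" pairs of the copied command into "-e NAME", so that docker run inherits the values from the job's environment and authentication parameters stay out of the pipeline file. The parameter names, image and URL in the sample are constructed placeholders; the real ones are in the command shown for your policy.

```shell
#!/bin/sh
# Added example (not the product's own code). The sample command below is
# constructed: parameter names, URL and image are placeholders.
SAMPLE_CMD='docker run --rm -e TARGET_URL=https://old.example.test -e AUTH_TOKEN="placeholder value" -e OTHER=1 registry.example.test/placeholder-image:tag'

# inherit_runtime_params CMD NAME...
# Prints CMD with each "-e NAME=value" turned into "-e NAME". With no value,
# docker run copies NAME from the calling environment, so the value never
# appears in the pipeline file or in the docker client's arguments.
inherit_runtime_params() {
    cmd=$1; shift
    for name in "$@"; do
        # Accept only plain variable names: they are used in eval and a regex.
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "invalid parameter name: $name" >&2; return 2 ;;
        esac
        # Refuse to build a command for a parameter the job did not provide.
        if ! eval "[ -n \"\${$name+set}\" ]"; then
            echo "runtime parameter $name is not set in the environment" >&2
            return 1
        fi
        # The old value may be double-quoted, single-quoted or a bare word.
        cmd=$(printf '%s\n' "$cmd" | sed -E \
            "s/-e[[:space:]]+$name=(\"[^\"]*\"|'[^']*'|[^[:space:]]*)/-e $name/g")
    done
    printf '%s\n' "$cmd"
}
```

Export the runtime values from the CI secret store before calling the helper; parameters that are not named keep the values saved in the policy.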

Deleting policies

You can delete a test policy. If you do so:

  • Information on previous test runs will remain untouched

  • You will not be able to run the Docker command based on the deleted policy

  • If the policy's Docker containers are running, they will continue to do so

  • When the policy's Docker containers stop, you will not be able to re-run them