GitHub Actions for TotalAppSec
Qualys GitHub Actions for Web Application Scanning (WAS) allow DevOps teams to build application vulnerability scans into their existing CI/CD processes. Integrating web application scans in this manner moves application security testing earlier in the Software Development Life Cycle (SDLC), where security flaws can be caught and eliminated.
Prerequisites
A valid Qualys subscription with the TotalAppSec application activated.
Access to the Qualys TotalAppSec application API from the Qualys GitHub Actions for WAS. Refer to the WAS API User Guide and check the permissions required for the following APIs:
- Launch Scans (Single): /qps/rest/3.0/launch/was/wasscan/
- Retrieve Scan Status: /qps/rest/3.0/status/was/wasscan/<id>
- Retrieve Scan Results: /qps/rest/3.0/download/was/wasscan/<id>
For more information, refer to the Qualys GitHub Actions for WAS.