You can use Akto to help you secure your GraphQL APIs in CI/CD pipeline
- Automate GraphQL API Inventory
- Sensitive data exposure
- Run test for OWASP API top 10 vulnerabilities
- Write your own custom tests for GraphQL APIs
- Run tests in CI/CD
Akto can automatically prepare an API Inventory for GraphQL APIs. Use one of our traffic connectors. Akto will right away start populating APIs in the dashboard. You will see a separate entry for each Query, Mutation etc. You can see an example here.
Click on the API to see the schema for the query.
Go to Sensitive Data to check if your APIs are sending sensitive or PII data in the API response. You can also configure Slack/Webhook alerts for the same.
Click on the Run Test button to start testing your APIs for all OWASP Top 10 and Hackerone Top 10 vulnerabilities.
Using Akto's unique test editor, you can also write your own security tests for GraphQL APIs. See instructions for custom tests here. There are a few GraphQL-specific instructions that you can use -
- add-
- delete-
- modify-
You can also automate GraphQL Security Testing by using our GitHub action or pre-deployment hook to trigger tests in your CI/CD pipeline.
Feel free to write us at [email protected] for any help.