Run tests in CLI using Akto
You can also run the Akto testing module from your CLI.
Use the CLI if you want to run Akto tests locally on any API Collection.
The results from the CLI are NOT saved in the Akto dashboard.
It is best used when developers want to run tests locally before committing to their branch. Note that by default the application host is the one recorded in the API Collection.
You can choose to override the application host URL to localhost or a different staging URL.
Prepare the following environment variables -
AKTO_API_KEY - Go to My accounts > Settings > Integrations > Akto API > Generate token. Copy the token generated.
AKTO_DASHBOARD_URL - URL of your dashboard. Please ensure you can access the dashboard.
TEST_IDS - Space-separated list of test IDs which you want to run, e.g. JWT_NONE_ALGO REMOVE_TOKENS. You can also set it to ALL to run all tests.
API_COLLECTION_NAME - Name of the API collection on which you want to run tests, e.g. juice_shop_demo.
API_COLLECTION_ID - ID (integer) of the API collection on which you want to run tests, e.g. 29623412. Only one of API_COLLECTION_NAME and API_COLLECTION_ID is required.
TEST_APIS - Space-separated list of APIs you want to test. If absent, all APIs are selected.
OVERRIDE_APP_URL - Change the staging application host. Akto will test APIs on this host.
OUTPUT_LEVEL - Output level of the result file. There are 4 output levels:
  NONE - No output file is generated.
  SUMMARY - [Default] The output file contains the tests executed and a list of all vulnerable APIs.
  DETAILED - The output file contains the SUMMARY output as well as the description and impact of the executed tests.
  DEBUG - The output file contains the DETAILED output along with the original and attempt request and response for all the API tests.
Example CLI - (If you are not on Linux, please provide the absolute path to your current directory instead of ${PWD})
docker run -v ${PWD}:/out \
-e AKTO_DASHBOARD_URL=https://flash.staging.akto.io \
-e TEST_IDS=JWT_NONE_ALGO \
-e API_COLLECTION_ID=1689063104 \
-e AKTO_API_KEY=OAzudPuzo8kh1234jCHtL3Vf0lTFzvDYZQMaKh4w \
-e OUTPUT_LEVEL=DETAILED \
aktosecurity/akto-api-testing-cli:latest
A short summary (API, Vulnerability, Severity) is printed on the command line itself.
A file output.txt contains the details of the tests, based on the output level given.
If you see a version mismatch error, consider matching the release version of your dashboard with that of the testing CLI.
Results are not saved in Akto dashboard.
Tests which use context will be skipped, e.g. AddUserId.yml, OldApiVersion.yml etc.
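A wrapper for the docker command above, as an added example that is not part of the Akto documentation: it checks the variables listed on this page and forwards them to docker by name, so the token stays out of the command line. The script name akto-local.sh, the AKTO_DOCKER override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the Akto CLI variables, then start the container with
# "-e NAME" (no "=value"), so docker copies each exported value from the
# caller's environment and the API token is not part of the docker command line.
IMAGE="aktosecurity/akto-api-testing-cli:latest"   # image name from the page
AKTO_VARS="AKTO_API_KEY AKTO_DASHBOARD_URL TEST_IDS API_COLLECTION_NAME
API_COLLECTION_ID TEST_APIS OVERRIDE_APP_URL OUTPUT_LEVEL"

# Return 0 if the environment is usable; otherwise say why and return 1.
akto_check_env() {
    for v in AKTO_API_KEY AKTO_DASHBOARD_URL TEST_IDS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing $v" >&2; return 1; }
    done
    # Only one of API_COLLECTION_NAME and API_COLLECTION_ID is required.
    if [ -z "${API_COLLECTION_NAME:-}" ] && [ -z "${API_COLLECTION_ID:-}" ]; then
        echo "set API_COLLECTION_NAME or API_COLLECTION_ID" >&2; return 1
    fi
    case "${API_COLLECTION_ID:-0}" in   # the id is an integer
        *[!0-9]*) echo "API_COLLECTION_ID must be an integer" >&2; return 1 ;;
    esac
    case "${OUTPUT_LEVEL:-SUMMARY}" in  # SUMMARY is the default level
        NONE|SUMMARY|DETAILED|DEBUG) ;;
        *) echo "OUTPUT_LEVEL must be NONE, SUMMARY, DETAILED or DEBUG" >&2; return 1 ;;
    esac
}

# Validate, then run the image. AKTO_DOCKER is a hypothetical override
# (e.g. AKTO_DOCKER=echo prints the command instead of running it).
akto_run() {
    akto_check_env || return 1
    set -- run -v "${PWD}:/out"
    for v in $AKTO_VARS; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then set -- "$@" -e "$v"; fi
    done
    ${AKTO_DOCKER:-docker} "$@" "$IMAGE"
}

# Run only when asked, e.g. `sh akto-local.sh run` from a pre-commit hook.
if [ "${1:-}" = "run" ]; then akto_run; fi
```

The variables must be exported in the calling shell for docker to pick them up; forwarding by name also avoids quoting the space-separated TEST_IDS and TEST_APIS values.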