Run tests in CLI using Akto
You can also run the Akto testing module from your CLI.
- You can use the CLI if you want to run Akto tests locally on any API Collection.
- The results from the CLI are NOT saved in Akto dashboard.
- It is best used when developers want to run tests locally before committing to their branch. By default, the application host is the one recorded in the API Collection.
- You can choose to override the application host URL with localhost or a different staging URL.
Prepare the following environment variables:
1. AKTO_API_KEY - Go to My accounts > Settings > Integrations > Akto API > Generate token. Copy the token generated.
2. AKTO_DASHBOARD_URL - URL of your dashboard. Please ensure you can access the dashboard.
3. TEST_IDS - Space-separated list of test IDs which you want to run, e.g. JWT_NONE_ALGO REMOVE_TOKENS. You can also set it as ALL to run all tests.
4. API_COLLECTION_NAME - API collection name on which you want to run tests, e.g. juice_shop_demo.
5. API_COLLECTION_ID - API collection id (integer) on which you want to run tests, e.g. 29623412. Only one of API_COLLECTION_NAME and API_COLLECTION_ID is required.
6. TEST_APIS - Space-separated list of APIs you want to test. If absent, all APIs are selected.
7. OVERRIDE_APP_URL - Change the staging application host. Akto will test APIs on this host.
8. OUTPUT_LEVEL - Output level of the result file. There are 4 output levels:
   1. NONE - No output file is generated.
   2. SUMMARY - [Default] The output file contains the tests executed and a list of all vulnerable APIs.
   3. DETAILED - The output file contains the SUMMARY as well as the description and impact of the executed tests.
   4. DEBUG - The output file contains the DETAILED output along with the original and attempt request and response for all the API tests.
Example CLI - (If you are not on Linux, please provide the absolute path to your current directory instead of ${PWD})
docker run -v ${PWD}:/out \
-e AKTO_DASHBOARD_URL=https://flash.staging.akto.io \
-e TEST_IDS=JWT_NONE_ALGO \
-e API_COLLECTION_ID=1689063104 \
-e AKTO_API_KEY=OAzudPuzo8kh1234jCHtL3Vf0lTFzvDYZQMaKh4w \
-e OUTPUT_LEVEL=DETAILED \
aktosecurity/akto-api-testing-cli:latest
1. A short summary (API, Vulnerability, Severity) is printed on the command line itself.
2. A file output.txt contains details of the test, based on the output level given.
3. If you see a version mismatch error, consider matching the release version of your dashboard with that of the testing CLI.
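One way to wrap the invocation above for local runs before a commit, as an added example that is not part of Akto's documentation or tooling: it validates the environment variables listed earlier and forwards them to docker by name, so the API token is not written into the command line or shell history. Treating AKTO_API_KEY, AKTO_DASHBOARD_URL and TEST_IDS as mandatory is an assumption, and akto_validate_env, akto_run and AKTO_DRY_RUN are names made up for this example.

```shell
#!/bin/sh
# Added example: wrapper around the docker invocation shown above.
# Assumption: AKTO_API_KEY, AKTO_DASHBOARD_URL and TEST_IDS are treated as
# mandatory. AKTO_DRY_RUN is a hypothetical switch of this script, not of Akto.

akto_validate_env() {
  [ -n "${AKTO_API_KEY:-}" ] || { echo "AKTO_API_KEY is not set" >&2; return 1; }
  case "${AKTO_DASHBOARD_URL:-}" in
    http://*|https://*) ;;
    *) echo "AKTO_DASHBOARD_URL must be an http(s) URL" >&2; return 1 ;;
  esac
  [ -n "${TEST_IDS:-}" ] || { echo "TEST_IDS is not set (ALL runs every test)" >&2; return 1; }
  # One of API_COLLECTION_NAME / API_COLLECTION_ID has to identify the collection.
  if [ -z "${API_COLLECTION_NAME:-}" ] && [ -z "${API_COLLECTION_ID:-}" ]; then
    echo "set API_COLLECTION_NAME or API_COLLECTION_ID" >&2; return 1
  fi
  # An empty value passes this check; a non-digit anywhere in it is rejected.
  case "${API_COLLECTION_ID:-}" in
    *[!0-9]*) echo "API_COLLECTION_ID must be an integer" >&2; return 1 ;;
  esac
  case "${OUTPUT_LEVEL:-SUMMARY}" in
    NONE|SUMMARY|DETAILED|DEBUG) ;;
    *) echo "OUTPUT_LEVEL must be NONE, SUMMARY, DETAILED or DEBUG" >&2; return 1 ;;
  esac
}

akto_run() {
  akto_validate_env || return 1
  set -- docker run -v "${PWD}:/out"
  for name in AKTO_API_KEY AKTO_DASHBOARD_URL TEST_IDS API_COLLECTION_NAME \
              API_COLLECTION_ID TEST_APIS OVERRIDE_APP_URL OUTPUT_LEVEL; do
    eval "value=\${$name:-}"
    # "-e NAME" without "=value" makes docker copy the exported variable from
    # the caller's environment, so the token never appears in the argument list.
    if [ -n "$value" ]; then set -- "$@" -e "$name"; fi
  done
  set -- "$@" aktosecurity/akto-api-testing-cli:latest
  # Dry run prints the command that would be executed instead of running it.
  if [ "${AKTO_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}
```

Source this file, export the variables in the shell session, and call akto_run; with AKTO_DRY_RUN=1 it only prints the command so the forwarded variable names can be reviewed first.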
Sample results -
1. Results are not saved in Akto dashboard.
2. Tests which use context will be skipped, e.g. AddUserId.yml, OldApiVersion.yml etc.
Last modified 1mo ago