The API Tester is a specialized microservice within the Project Vigilion by CSE - Cyber at UoM platform designed to validate and secure API endpoints. It allows users to define, manage, and execute security tests against target APIs.
- Endpoint Management: Create and organize API endpoints for testing.
- Automated Testing: Run security checks against defined endpoints.
- Integration: Seamlessly integrates with the Vigilion Dashboard for reporting and control.
To run this service independently:
-
Build the Image:
docker build -t registry/api-tester . -
Run Container:
docker run -p 8004:8004 --env-file .env registry/api-tester
The service will be available at http://localhost:8004.
This service is deployed as part of the main Deployment-Repo stack. Configured via env/api-tester/.env.
This service exposes a native, lightweight /metrics endpoint returning Prometheus-formatted telemetry (such as uptime, memory, and CPU usage).
- Metrics Endpoint:
/metrics - Scraping Config: Configured with annotations
prometheus.io/scrape: "true"in the deployment manifest.
GitHub Actions workflow is located at .github/workflows/deploy.yml which triggers on push to main branch:
- Build Optimization: Uses
docker/setup-buildx-action@v3with layer caching enabled (cache-from: type=gha,cache-to: type=gha,mode=max). - Target Registry:
csecyber/api-tester - Tags Generated: Dual tags for
:latestand the unique commit hash:${ github.sha }.