A GitHub Action and standalone script for scanning ABAP code for security vulnerabilities using the RedRays API.
This repository provides tools to integrate RedRays ABAP security scanning into your CI/CD pipelines. You can use it as:
- A GitHub Action in your workflows
- A standalone Python script that can run anywhere
The scanner analyzes your ABAP code for security vulnerabilities such as SQL injection, OS command execution, directory traversal, and other OWASP Top 10 issues.
Add the RedRays ABAP Security Scanner to your GitHub workflow:
```yaml
name: RedRays ABAP Security Scan

on:
  push:
    branches: [ main, master, develop ]
  pull_request:
    branches: [ main, master, develop ]
  # Optional: Add manual trigger
  workflow_dispatch:

jobs:
  scan-abap-code:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Scan ABAP code for security vulnerabilities
        uses: redrays-io/redrays-cicd@v1
        with:
          api-key: ${{ secrets.REDRAYS_API_KEY }}
          scan-dir: .
          output-format: html
          output-file: redrays_security_report.html
          fail-on-vulnerabilities: 'true'

      - name: Upload scan results
        # Run even when the scan step fails the job, otherwise the report is
        # lost precisely when fail-on-vulnerabilities triggers
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: redrays-security-report
          path: redrays_security_report.html
          retention-days: 7
```
| Input | Description | Required | Default |
|---|---|---|---|
| api-key | RedRays API key | Yes | |
| api-url | RedRays API URL | No | https://api.redrays.io/api/scan |
| scan-dir | Directory containing ABAP files to scan | No | . |
| files | Comma-separated list of specific files to scan | No | |
| output-format | Report output format (csv, html, json) | No | html |
| output-file | Report output file path | No | redrays_security_report.html |
| fail-on-vulnerabilities | Fail the workflow if vulnerabilities are found | No | true |
| Output | Description |
|---|---|
| report-path | Path to the generated security report |
| vulnerabilities-found | Number of vulnerabilities found |
You can also use the scanner as a standalone Python script:

```
python redrays_scanner.py --api-key YOUR_API_KEY [options]
```

Options:

```
--api-key        RedRays API key (required)
--api-url        RedRays API URL (default: https://api2.redrays.io/api/scan)
--scan-dir       Directory containing ABAP files to scan
--files          Comma-separated list of specific files to scan
--output-format  Report output format (csv, html, json)
--output-file    Report output file path
--debug          Enable debug logging
```
Scan all ABAP files in the current directory:

```
python redrays_scanner.py --api-key YOUR_API_KEY --scan-dir .
```

Scan specific files:

```
python redrays_scanner.py --api-key YOUR_API_KEY --files file1.abap,file2.abap
```

Change output format:

```
python redrays_scanner.py --api-key YOUR_API_KEY --scan-dir . --output-format csv
```
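The `files` / `scan-dir` inputs and the `fail-on-vulnerabilities` gate above are the two places where a misconfigured workflow silently scans nothing or never fails. The following is an added example, not `redrays_scanner.py` or any code from the RedRays project, showing one reasonable way those inputs can be resolved and gated; the precedence rule (an explicit `files` list wins over `scan-dir`), the `.abap` suffix match, and the accepted truthy strings are assumptions for illustration.

```python
"""Added illustration of input resolution and the fail gate (not the project's code)."""
from pathlib import Path
from typing import Iterable, List

ABAP_SUFFIXES = {".abap"}  # assumption: suffixes treated as ABAP source (case-insensitive)


def scan_dir_candidates(scan_dir: str = ".") -> List[str]:
    """Every regular file below scan_dir, as paths relative to it."""
    root = Path(scan_dir)
    return [str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()]


def select_abap_files(candidates: Iterable[str], files: str = "") -> List[str]:
    """Resolve the `files` / `scan-dir` inputs to a sorted list of paths.

    An explicit comma-separated `files` value is used verbatim (assumed
    precedence); a listed path that does not exist raises so that a typo in
    the workflow fails loudly instead of producing an empty, green scan.
    Otherwise every file with an ABAP suffix among the candidates is chosen.
    """
    known = set(candidates)
    if files.strip():
        chosen = [p.strip() for p in files.split(",") if p.strip()]
        missing = [p for p in chosen if p not in known]
        if missing:
            raise FileNotFoundError(f"listed files not found: {missing}")
        return sorted(chosen)
    return sorted(p for p in known if Path(p).suffix.lower() in ABAP_SUFFIXES)


def should_fail(vulnerabilities_found: int, fail_on_vulnerabilities: str = "true") -> bool:
    """Mirror the `fail-on-vulnerabilities` gate.

    The workflow passes the flag as a string ('true'), so it is parsed
    case-insensitively; any non-zero finding count fails when the flag is on.
    """
    enabled = str(fail_on_vulnerabilities).strip().lower() in {"1", "true", "yes"}
    return enabled and vulnerabilities_found > 0


def exit_code_for(vulnerabilities_found: int, fail_on_vulnerabilities: str = "true") -> int:
    """Process exit status for the CI step: 1 fails the job, 0 passes it."""
    return 1 if should_fail(vulnerabilities_found, fail_on_vulnerabilities) else 0


if __name__ == "__main__":
    # Constructed inputs; in CI these come from the action's `with:` block
    picked = select_abap_files(["z_good.abap", "sub/z_other.ABAP", "notes.txt"])
    raise SystemExit(exit_code_for(len(picked), "true"))
```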
The scanner can generate reports in several formats:
- HTML: Interactive report with detailed information about each vulnerability
- CSV: Tabular data format for importing into spreadsheets or databases
- JSON: Machine-readable format for further processing
To use the RedRays ABAP Security Scanner, you need an API key:
- Register at redrays.io
- Subscribe to a plan
- Get your API key from your account dashboard
- Add the API key as a secret in your GitHub repository
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
If you encounter any issues or have questions, please open an issue on the GitHub repository.