Patronus API

The Patronus API Developer Hub

Welcome to the Patronus API developer hub. You'll find comprehensive guides and documentation to help you start working with our pentest module as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    API Reference

Pipeline Integration

Examples on how to integrate the pipeline-runner into your pipelines

Integrating the Pipeline-Runner into your Pipeline

For easy integration we provide a pipeline-runner that can be used in pipelines.
More information can be found at ptrn.us/runner-project

The pipeline-runner is available for the following systems:

  • Linux x64
  • Linux x86
  • MacOS x64
  • Windows x64
  • Windows x86

Feel free to contact us if you need compatibility with other systems.

You can download the pipeline-runner here: ptrn.us/runner

For Docker based Pipelines we also provide a Docker image including the pipeline-runner.
The image is hosted on our own registry and the docker hub.
Simply use: docker pull hub.gitlab.patronus.io/public-data/pipeline-runner:latest or docker pull patronusio/pipeline-runner

Example Pipelines

GitLab

Here an example .gitlab-ci.yml that executes the pipeline-runner via its Docker image.

stages:
  - test
  - build
  - deploy
  - pentesting

penetration-tests:
  image: patronusio/pipeline-runner
  stage: pentesting
  variables:
    API_KEY: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoidXVpZCBvZiB0aGUgdXNlciIsInByb2plY3QiOiJ1dWlkIG9mIHRoZSBwcm9qZWN0IiwiaWF0IjowfQ.jiqqFk6LCGsJlf8jz2MwXS3ZNk_4lrYENYMrgG86OfA
  script:
    - pipeline-runner
  artifacts:
    paths:
      - pipeline-runner-reports

API-Keys should not be stored in repositories!

We recommend using GitLabs protected variables to pass the API-Key to the client.

You can additionally set GIT_STRATEGY: none in the variables block to prevent the gitlab-runner from cloning your code to that pipeline-step.

CircleCI

Here an example .circleci/config.yml that executes the pipeline-runner via its Docker image.

version: 2.1

workflows:
  version: 2
  my-workflow:
    jobs:
    - run-api:
        context: Patronus-API-Settings

jobs:
  run-api:
    docker:
    - image: patronusio/pipeline-runner
      command: ["/bin/bash"]
    steps:
    - run:
        name: run-API
        command: pipeline-runner
        no_output_timeout: 2h

API-Keys should not be stored in repositories!

We recommend using CircleCI contexts to pass the API-Key to the client.