Charlton's Blog

Running DAST Scans With GitHub Advanced Security

Adding SARIF support to PowerSwigger's Dastardly makes it easy to view results in the Security Center

Published: Jul 10, 2023
Category: Programming, Projects, Security
Tags: , ,

GitHub Advanced Security’s Code Scanning is great, but what if you’d like to add DAST scans to the mix?

I’m pleased to announce my addition of SARIF support to PortSwigger’s Dastardly, their free, lightweight web application security scanner for CI/CD pipelines. With my Dastardly GitHub Action, it’s now easier than ever to find and triage scanning results right where you’d expect, in your repository’s Security Overview.

Check it out on GitHub.

You can also check out these cool example workflows I wrote to demonstrate how to execute Dastardly scans in GitHub Actions while hosting the application under test in a sidecar container on the runner itself.