# Engagement Workflow

You can launch a pentester engagement through the web console, CLI, or automation pipelines.

## Web Console

1. Navigate to **Explore → API Engagements**.
2. Click **New Engagement** and provide the application name, target host, and OpenAPI specification.
3. Optional: attach authentication headers or recorded traffic to bootstrap deeper testing.
4. Submit to start the hands-off assessment. Progress and findings stream back into the console and configured connectors.

![Launch a new engagement](/files/gpVnfiDE534MQCbenPTO)

## CLI

Use the CLI when you want to run engagements locally or wire them into custom pipelines. Generate a service-account token first (see [API Configuration](https://github.com/Nullify-Platform/nullify/blob/main/public-docs/getting-started/configuration-api.md)).

```bash
nullify dast \
  --app-name      "Payments API" \
  --spec-path     "./openapi.json" \
  --target-host   "https://api.example.dev" \
  --github-owner  "my-org" \
  --github-repo   "payments-service" \
  --header        "Authorization: Bearer 1234, X-Custom-Header: abcxyz"
```

> ℹ️ The CLI command retains the `dast` verb for backwards compatibility; upcoming releases will alias it to `pentester`.

## GitHub Action

Automate engagements in CI by adopting the [Nullify Pentester Action](https://github.com/Nullify-Platform/dast-action) (published as `dast-action`). Configure it to run on release branches, nightly jobs, or bespoke workflows. Findings are routed back through the Nullify API and any connected ticketing systems.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nullify.ai/capabilities/pentests/engagement-workflow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.