Quickstart
You can begin scanning your APIs via any of the following methods:
Nullify Web App
To initiate a scan via the Nullify Web App, navigate to the API Scans page under "Explore" (/dashboard/explore/api-scans/) and click on the New API Scan button.

Fill out the form and click on the Launch button.
Nullify CLI
The Nullify CLI can be used to scan your APIs locally or as part of your CI/CD pipeline.
Before you begin, you will need to generate a Service Account token, as described in the Configuration - API section.
To initiate a scan via the Nullify CLI, follow the instructions listed in the README of the Nullify CLI tool.
Here's an example command to initiate a cloud-based scan:
# --app-name:     the name of your API
# --spec-path:    the local path to your OpenAPI specification file
# --target-host:  the target host of your API
# --github-owner: the owner of the GitHub repository
# --github-repo:  the name of the GitHub repository
# --header:       optional; additional headers to include in the scan
nullify dast \
  --app-name "My REST API" \
  --spec-path "./openapi.json" \
  --target-host "https://api.myapp1234.dev" \
  --github-owner "my-username" \
  --github-repo "my-repo" \
  --header "Authorization: Bearer 1234,X-Custom-Header: abcxyz"
Nullify GitHub Action
To configure dynamic testing, follow the instructions to add the Nullify GitHub Action to your CI/CD pipeline.