Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@escape.tech/action

Package Overview
Dependencies
Maintainers
4
Versions
60
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@escape.tech/action

Action for Escape Tech using command line.

latest
npmnpm
Version
0.0.60
Version published
Weekly downloads
7
40%
Maintainers
4
Weekly downloads
 
Created
Source

Escape CLI

Escape CLI is a command line interface for Escape.

It allows you to run Escape actions from the command line.

Installation

$ npm install -g @escape.tech/action

Usage

$ escape-action --help
Options:
      --version  Display the version number                            [boolean]
  -o, --output   Specify the JSON output file                           [string]
      --no-fail  Do not fail the CI if there are vulnerabilities.
                                                      [boolean] [default: false]
  -r             Show remediations in report.         [boolean] [default: false]
      --pdf      Download pdf report.                 [boolean] [default: false]
      --zip      Download exchange archive (zip file).[boolean] [default: false]
  -h, --help     Show help                                             [boolean]

Setup

This action requires an application ID and an API key to be provided. You can find both of these in the settings tab of your application on escape.

  • ESCAPE_APPLICATION_ID: The application id to run the action on
  • ESCAPE_API_KEY: The API key to use to authenticate with Escape
  • TIMEOUT: The timeout for the action to run (default: 1200, 0 is non blocking action)
  • FAIL_ON_SEVERITIES: a csv-delimited string that should contain either of these severities to define a failure of the cli (exit code 1)
    • HIGH
    • MEDIUM
    • LOW
    • INFO
  • FAIL_ON_COMPLIANCE: a JSON string to define exact controls in an array (or all of them with *), per compliance framework supported
    • OWASP
    • PCI_DSS
    • GDPR
    • SOC2
    • PSD2
    • ISO27001
    • NIST
    • FEDRAMP

And all exact control values are documented at https://docs.escape.tech/documentation/dast/vulnerabilities/

{
  "OWASP": ["API8:2023", "API7:2023"],
  "PCI_DSS": ["*"],
  "GDPR": ["Article-32"],
  "NIST": ["*"],
  "FEDRAMP": ["AC-4"]
}

And you get feedback in error logs to review the exact failure reasons:

2024-02-07 08:28:32 [ error ] Exiting with status code 1 because alerts violated compliance configuration, detailed results: [{"testName":"Invalid input format detected","complianceFramework":"OWASP","complianceControlValue":"API8:2023","inViolation":true},{"testName":"Invalid input format detected","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.1","inViolation":true},{"testName":"Invalid input format detected","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true},{"testName":"Misconfigured Allow-Origin header","complianceFramework":"OWASP","complianceControlValue":"API7:2023","inViolation":true},{"testName":"Misconfigured Allow-Origin header","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.10","inViolation":true},{"testName":"Misconfigured Allow-Origin header","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true},{"testName":"Misconfigured Allow-Origin header","complianceFramework":"FEDRAMP","complianceControlValue":"AC-4","inViolation":true},{"testName":"Insecure Security Policy header","complianceFramework":"OWASP","complianceControlValue":"API7:2023","inViolation":true},{"testName":"Insecure Security Policy header","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.10","inViolation":true},{"testName":"Insecure Security Policy header","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true},{"testName":"Content-Type sniffing enabled","complianceFramework":"OWASP","complianceControlValue":"API7:2023","inViolation":true},{"testName":"Content-Type sniffing enabled","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.10","inViolation":true},{"testName":"Content-Type sniffing enabled","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true},{"testName":"Content-Type sniffing enabled","complianceFramework":"FEDRAMP","complianceControlValue":"AC-4","inViolation":true},{"testName":"Debug mode enabled","complianceFramework":"OWASP","complianceControlValue":"API7:2023","inViolation":true},{"testName":"Debug mode enabled","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.5","inViolation":true},{"testName":"Debug mode enabled","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true},{"testName":"Missing X-Frame-Options header","complianceFramework":"OWASP","complianceControlValue":"API7:2023","inViolation":true},{"testName":"Missing X-Frame-Options header","complianceFramework":"PCI_DSS","complianceControlValue":"6.5.1","inViolation":true},{"testName":"Missing X-Frame-Options header","complianceFramework":"GDPR","complianceControlValue":"Article-32","inViolation":true}]

For detailed instructions on how to set up your application, please refer to the Escape CI/CD documentation.

JSON Output

With the -o / --output cli options, you can get a JSON formatted file report of your scan, for example to store in a Jenkins build artifact.

{
  "id": "xxxx",
  "status": "SUCCESS",
  "duration": 55.618,
  "createdAt": "2024-02-01T16:17:09.631Z",
  "createdSince": 54,
  "completionRatio": 1,
  "readonlyAccessToken": "xxx",
  "securityTests": [
    {
      "failureName": "Invalid input format detected",
      "ignored": false,
      "alerts": [{ "ignored": false }],
      "severity": "HIGH"
    }
  ],
  "filteredSecurityTests": [
    {
      "failureName": "Invalid input format detected",
      "ignored": false,
      "alerts": [{ "ignored": false }],
      "severity": "HIGH"
    }
  ]
}

PDF report

The --pdf option allows you to download a PDF report of the scan results. The report includes information about the security tests that were run, the results of those tests, and any remediations that are recommended. The PDF report will be saved to the current directory.

Exchange Archive

The --zip option allows you to download an exchange archive (zip file) of the scan results. The archive includes the raw JSON data for the scan results, as well as any attachments that were uploaded during the scan. The exchange archive will be saved to the current directory.

Remediation in report

The --r option allows you to include remediations in the report. Remediations are recommended actions that can be taken to address any security vulnerabilities that are found during the scan. The report will be printed to the console, and will include the remediations for any security tests that failed.

Keywords

action
continuous integration
graphql
security

FAQs

Package last updated on 22 May 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Announcing Socket Fix 2.0

Product

Announcing Socket Fix 2.0

Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.

By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg  -  Sep 10, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.