⨠ Update introspection
The GraphQL introspection (or schema), includes data like types, fields, queries, mutations, and even the field-level descriptions.
By default, Escape will always fetch the latest introspection from your GraphQL endpoint. However, if your introspection is closed, you can still update it manually or programmatically. Escape supports the programmatic update of introspection schemas or GraphQL schemas inside the CI/CD. Using this feature, you can automatically keep your introspection schema in sync even if your introspection is closed. By uploading a GraphQL schema or an introspection response from a CI/CD environment, Escape will always be aware of your latest schema changes before a scan is started.
You can also manually update your application introspection on Escape.
- GitHub Action
- Gitlab CI
- CLI
- API
# https://github.com/Escape-Technologies/action
name: Post Deploy
on:
push:
branches:
- staging
jobs:
Escape:
runs-on: ubuntu-latest
steps:
- name: Escape Scan
uses: Escape-Technologies/action@v0
with:
application_id: ${{ secrets.ESCAPE_APPLICATION_ID }}
api_key: ${{ secrets.ESCAPE_API_KEY }}
schema_file: relative/path/to/schema/from/repo/root/schema.graphql
// or
introspection_file: relative/path/to/schema/from/repo/root/introspection.json
Escape:
stage: post-deploy
needs:
- deploy # name of your deployment job
variables: # you can find those secrets directly in your Escape Application Settings
- ESCAPE_APPLICATION_ID: $ESCAPE_APPLICATION_ID
- ESCAPE_API_KEY: $ESCAPE_API_KEY
- SCHEMA_FILE: relative/path/to/schema/from/repo/root/schema.graphql
// or
- INTROSPECTION_FILE: relative/path/to/schema/from/repo/root/introspection.json
image: node:alpine
before_script:
- npm install -g @escape.tech/action
- npm show @escape.tech/action version
script:
- escape-action
allow_failure: true
only:
refs:
- staging
export ESCAPE_APPLICATION_ID=<YOUR APPLICATION ID>
export ESCAPE_API_KEY=<YOUR API KEY>
export SCHEMA_FILE="relative/path/to/schema/from/repo/root/schema.graphql"
// or
export INTROSPECTION_FILE="relative/path/to/schema/from/repo/root/introspection.json"
npm i -g @escape.tech/action
escape-action
export APPLICATION_ID=<YOUR APPLICATION ID>
export API_KEY=<YOUR API KEY>
export INTROSPECTION=$(cat relative/path/to/schema/from/repo/root/introspection.json)
curl -X POST \
-H "Authorization: Key $API_KEY" \
-H "Content-Type: application/json" \
-d "{ \"introspection\": $INTROSPECTION }"
https://api-public.prod.cloud.escape.tech/applications/$APPLICATION_ID/start-scan