Complete Examples for Target Setup and Testing

Example 1: First-Time Setup

Scenario: Create and test a new REST API target

# Step 1: Create configuration file (see Configuration File Format section)
cat > my-api-config.yaml <<EOF
description: My REST API Target
prompts:
  - '{{prompt}}'
targets:
  - id: http
    config:
      url: https://api.example.com/chat
      method: POST
      headers:
        Content-Type: application/json
        Authorization: Bearer \${API_TOKEN}
      body:
        prompt: '{{prompt}}'
      responsePayload: response.text
redteam:
  plugins:
    - shell-injection
    - sql-injection
    - prompt-extraction
  strategies:
    - basic
  purpose: |
    Application: Production REST API
    Purpose: Security testing for customer-facing chatbot
  numTests: 30
  maxConcurrency: 10
EOF
# Step 2: Set API credentials
export API_TOKEN="your-secret-token"
# Step 3: Create target in Mend Platform
mend ai redteam target-apply \
  --config my-api-config.yaml \
  --target-name "My REST API - Production"
# Step 4: Trigger test run
mend ai redteam target-run \
  --target-name "My REST API - Production"
# Output: Job ID: abc-123-def-456
# Step 5: Wait for completion and check status
mend ai redteam get-status \
  --job-id "abc-123-def-456" \
  --wait 0
# Step 6: Retrieve results
mend ai redteam get-results \
  --job-id "abc-123-def-456" \
  --output results.json

Example 2: Update Existing Target

Scenario: Modify configuration of existing target

# Step 1: Download current configuration
mend ai redteam download \
  --target-name "My REST API - Production" \
  --file current-config.yaml
# Step 2: Edit configuration file
# (Edit current-config.yaml with your text editor)
# Example: Add new probes, change numTests, update endpoint
# Step 3: Apply updated configuration
mend ai redteam target-apply \
  --config current-config.yaml \
  --target-name "My REST API - Production"
# Step 4: Run tests with new configuration
mend ai redteam target-run \
  --target-name "My REST API - Production"

Example 3: CI/CD Pipeline Integration

Scenario: Automated testing in GitHub Actions

name: Mend RedTeaming Security Tests
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 2 * * *'  # Daily at 2 AM
jobs:
  security-test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Setup Mend CLI
        run: |
          # Install Mend CLI
          curl -sSL https://install.mend.io/cli | sh
      - name: Authenticate to Mend
        env:
          MEND_TOKEN: ${{ secrets.MEND_TOKEN }}
        run: |
          mend auth login --token $MEND_TOKEN
      - name: Set Mend Scope
        env:
          MEND_ORGANIZATION: ${{ secrets.MEND_ORG }}
          MEND_APPLICATION: ${{ secrets.MEND_APP }}
          MEND_PROJECT: ${{ secrets.MEND_PROJECT }}
        run: |
          export MEND_ORGANIZATION
          export MEND_APPLICATION
          export MEND_PROJECT
      - name: Apply Target Configuration
        env:
          API_TOKEN: ${{ secrets.API_TOKEN }}
        run: |
          mend ai redteam target-apply \
            --config ./config/security-test-config.yaml \
            --target-name "Production API - CI"
      - name: Run Security Tests
        id: run_tests
        run: |
          OUTPUT=$(mend ai redteam target-run \
            --target-name "Production API - CI")
          # Extract Job ID
          JOB_ID=$(echo "$OUTPUT" | grep "Job ID" | awk '{print $4}')
          echo "job_id=$JOB_ID" >> $GITHUB_OUTPUT
      - name: Wait for Test Completion
        run: |
          mend ai redteam get-status \
            --job-id "${{ steps.run_tests.outputs.job_id }}" \
            --wait 30m
      - name: Retrieve Test Results
        run: |
          mend ai redteam get-results \
            --job-id "${{ steps.run_tests.outputs.job_id }}" \
            --format json \
            --output test-results.json
      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-test-results
          path: test-results.json
      - name: Check for Failures
        run: |
          # Parse results and fail build if vulnerabilities found
          FAILED=$(jq '.summary.failed' test-results.json)
          if [ "$FAILED" -gt 0 ]; then
            echo "❌ Security tests failed: $FAILED vulnerabilities found"
            exit 1
          else
            echo "✅ All security tests passed"
          fi

Example 4: Batch Testing Multiple Targets

Scenario: Test multiple targets in sequence

#!/bin/bash
# batch-test.sh
TARGETS=(
  "Production API"
  "Staging API"
  "Customer Chatbot"
)
for TARGET in "${TARGETS[@]}"; do
  echo "Testing: $TARGET"
  # Apply latest configuration
  mend ai redteam target-apply \
    --config "configs/${TARGET// /-}.yaml" \
    --target-name "$TARGET"
  # Run tests
  OUTPUT=$(mend ai redteam target-run --target-name "$TARGET")
  JOB_ID=$(echo "$OUTPUT" | grep "Job ID" | awk '{print $4}')
  # Wait for completion
  mend ai redteam get-status --job-id "$JOB_ID" --wait 0
  # Save results
  mend ai redteam get-results \
    --job-id "$JOB_ID" \
    --output "results/${TARGET// /-}-results.json"
  echo "✓ Completed: $TARGET"
done
echo "All tests completed. Results saved to results/ directory"