Example 1: First-Time Setup
Scenario: Create and test a new REST API target
# Step 1: Create configuration file (see Configuration File Format section)
cat > my-api-config.yaml <<EOF
description: My REST API Target
prompts:
- '{{prompt}}'
targets:
- id: http
config:
url: https://api.example.com/chat
method: POST
headers:
Content-Type: application/json
Authorization: Bearer \${API_TOKEN}
body:
prompt: '{{prompt}}'
responsePayload: response.text
redteam:
plugins:
- shell-injection
- sql-injection
- prompt-extraction
strategies:
- basic
purpose: |
Application: Production REST API
Purpose: Security testing for customer-facing chatbot
numTests: 30
maxConcurrency: 10
EOF
# Step 2: Set API credentials
export API_TOKEN="your-secret-token"
# Step 3: Create target in Mend Platform
mend ai redteam target-apply \
--config my-api-config.yaml \
--target-name "My REST API - Production"
# Step 4: Trigger test run
mend ai redteam target-run \
--target-name "My REST API - Production"
# Output: Job ID: abc-123-def-456
# Step 5: Wait for completion and check status
mend ai redteam get-status \
--job-id "abc-123-def-456" \
--wait 0
# Step 6: Retrieve results
mend ai redteam get-results \
--job-id "abc-123-def-456" \
--output results.json
Example 2: Update Existing Target
Scenario: Modify configuration of existing target
# Step 1: Download current configuration
mend ai redteam download \
--target-name "My REST API - Production" \
--file current-config.yaml
# Step 2: Edit configuration file
# (Edit current-config.yaml with your text editor)
# Example: Add new probes, change numTests, update endpoint
# Step 3: Apply updated configuration
mend ai redteam target-apply \
--config current-config.yaml \
--target-name "My REST API - Production"
# Step 4: Run tests with new configuration
mend ai redteam target-run \
--target-name "My REST API - Production"
Example 3: CI/CD Pipeline Integration
Scenario: Automated testing in GitHub Actions
name: Mend RedTeaming Security Tests
on:
push:
branches: [main]
schedule:
- cron: '0 2 * * *' # Daily at 2 AM
jobs:
security-test:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Mend CLI
run: |
# Install Mend CLI
curl -sSL https://install.mend.io/cli | sh
- name: Authenticate to Mend
env:
MEND_TOKEN: ${{ secrets.MEND_TOKEN }}
run: |
mend auth login --token $MEND_TOKEN
- name: Set Mend Scope
env:
MEND_ORGANIZATION: ${{ secrets.MEND_ORG }}
MEND_APPLICATION: ${{ secrets.MEND_APP }}
MEND_PROJECT: ${{ secrets.MEND_PROJECT }}
run: |
export MEND_ORGANIZATION
export MEND_APPLICATION
export MEND_PROJECT
- name: Apply Target Configuration
env:
API_TOKEN: ${{ secrets.API_TOKEN }}
run: |
mend ai redteam target-apply \
--config ./config/security-test-config.yaml \
--target-name "Production API - CI"
- name: Run Security Tests
id: run_tests
run: |
OUTPUT=$(mend ai redteam target-run \
--target-name "Production API - CI")
# Extract Job ID
JOB_ID=$(echo "$OUTPUT" | grep "Job ID" | awk '{print $4}')
echo "job_id=$JOB_ID" >> $GITHUB_OUTPUT
- name: Wait for Test Completion
run: |
mend ai redteam get-status \
--job-id "${{ steps.run_tests.outputs.job_id }}" \
--wait 30m
- name: Retrieve Test Results
run: |
mend ai redteam get-results \
--job-id "${{ steps.run_tests.outputs.job_id }}" \
--format json \
--output test-results.json
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-test-results
path: test-results.json
- name: Check for Failures
run: |
# Parse results and fail build if vulnerabilities found
FAILED=$(jq '.summary.failed' test-results.json)
if [ "$FAILED" -gt 0 ]; then
echo "❌ Security tests failed: $FAILED vulnerabilities found"
exit 1
else
echo "✅ All security tests passed"
fi
Example 4: Batch Testing Multiple Targets
Scenario: Test multiple targets in sequence
#!/bin/bash
# batch-test.sh
TARGETS=(
"Production API"
"Staging API"
"Customer Chatbot"
)
for TARGET in "${TARGETS[@]}"; do
echo "Testing: $TARGET"
# Apply latest configuration
mend ai redteam target-apply \
--config "configs/${TARGET// /-}.yaml" \
--target-name "$TARGET"
# Run tests
OUTPUT=$(mend ai redteam target-run --target-name "$TARGET")
JOB_ID=$(echo "$OUTPUT" | grep "Job ID" | awk '{print $4}')
# Wait for completion
mend ai redteam get-status --job-id "$JOB_ID" --wait 0
# Save results
mend ai redteam get-results \
--job-id "$JOB_ID" \
--output "results/${TARGET// /-}-results.json"
echo "✓ Completed: $TARGET"
done
echo "All tests completed. Results saved to results/ directory"