Applies to ReadyAPI 2.7, last modified on June 25, 2019

Use the security test runner to run ReadyAPI security tests from the command line.

The runner is located in the <ReadyAPI>/bin directory. The file name is securitytestrunner.bat (Windows) or securitytestrunner.sh (Linux and macOS).

To configure the command line of the runner visually, start it from the ReadyAPI user interface. See Command Line Runner GUI.

General syntax

The command line has the following format:

securitytestrunner.bat [optional-arguments] <test-project>

Required arguments

test-project

The fully qualified path to the project that contains the security tests to be run. If the file name or path includes spaces, enclose the entire argument in quotes.

Examples:

C:\Work\readyapi-project.xml
C:\Work\composite-project

Optional arguments

-a

Specifies whether the runner will export all the generated test results. If you skip this argument, the runner will export only errors.

-A

Commands the runner to create folders and subfolder for the test results of test suites and test cases. The folders are organized into a structure that is similar to the structure of the corresponding test suites and test cases. To specify the root directory, use the ‑f argument.

If you skip the -A argument, the runner will save all the files containing the results to the directory that the ‑f argument specifies. The file names will include the names of the test suite and test case.

The runner ignores this attribute depending on the -R command-line argument value.

-c<test case>

Specifies the test case to be run.

In ReadyAPI, the names of the parent test suite and test case are shown in the Navigator right after the security test name in the following format: <security test> (<test suite> -> <test case>):

ReadyAPI: The test case name in the Security Test editor

If you do not specify this argument, the runner will launch all the security tests that relate to the parent test suite. Also, see the description of the -s argument.

Example:

"-cTestCase 1"

-d<domain>

Specifies the domain the simulated requests will use for authorization.

This argument overrides the authorization domain specified for test steps in your test project.

-D

Assigns a value to a system property for the test run. The specified value will override the current system property value during the test run.

Usage: -D<variable>=<value>. If the value includes spaces, enclose the entire argument in quotes. To override several variable values, specify the -D argument several times.

Example:

-Dtest.history.disabled=true

-e<endpoint>

Specifies the endpoint to be used in test requests. The specified endpoint should include the protocol part (for example, https://).

This argument overrides the endpoints specified for test steps in your test project. See the description of the -h argument, as well.

Note: The runner ignores this parameter if -E is specified. In this case, the endpoint is taken from the environment settings.

Example:

-ehttp://www.soapui.org/sample

-E<environment>

Specifies the environment to be used during the test run. If specified, ‑e, ‑u, and ‑p parameters so that the values are taken from the environment.

Example:

-ENewEnvironment

-f<directory>

Specifies the root directory where the runner will save the files containing the test results. If the specified directory does not exist, it will be created.

If the directory exists, the report files it contains will be overwritten.

Example:

-fC:\Work\ReadyAPI-test-results

-F<args>

Specifies the format of the exported reports. Usage: -F<FormatName>. The supported formats include: PDF, XLS, HTML, RTF, CSV, TXT, XML.

You must always specify at least one parameter for this argument.

To export results in several formats, separate them with commas. For example, ‑FPDF,XML,CSV.

The runner ignores the -F argument depending on the value of the -R argument. See the description of the -R argument below.

-G<args>

Assigns a value to a global property for the test run. The specified value will override the current global property value during the test run. Usage: -G<variable>=<value>. If the value includes spaces, enclose the entire argument in quotes. To override several variable values, specify the -G argument several times.

Example:

-Gglobal.property=true

-h<host:port>

Specifies the host and port to be used in test requests.

Usage: -h<host>:<port>. To specify the host, use its IP address or name.

This argument overrides the endpoints specified in the project file. See the description of the -e argument, as well.

Example:

-h127.46.44.12:80

-H<args>

Use this argument to add a custom HTTP header to all simulated requests. Usage: -H<header>=<value>. To add several headers, specify the -H argument several times.

Example:

-Hx-content-type-options=nosniff

-i

Commands the runner to enable UI-related components. Use this command-line argument when using the UISupport class in your tests.

-I

Commands the runner to ignore errors. If you specify this argument in the command line, the test log will contain no information on the errors that occurred during the test run.

If you skip this argument, the runner will stop the run on the first error that occurs and will post full information about the error to the log.

-j

Commands the runner to generate JUnit-compatible reports. This argument is similar to the "-RJUnit-style HTML Report" command-line argument.

-M

Commands the runner to create an XML file with brief test results. This argument does not depend on other command-line arguments that concern the result export: -F, -R and -A.

-n<security-test-name>

The name of the security test to be run. Usage -n<security-test-name>. If the test name includes spaces, enclose the entire parameter in quotes. If this parameter is not specified, the runner will execute all the security tests of the specified test case.

Example:

-nSecurityTest1

-o

Commands the runner to open the generated reports in your default web browser after the test run is over.

-O

Commands the runner not to collect or send usage statistics.

-P<args>

Assigns a value to a project property for the test run. The specified value will override the current project property value during the test run. Usage: -P<variable>=<value>. If the value includes spaces, enclose the entire argument in quotes. To override several variable values, specify the -P argument several times.

Example:

-Pproject.property=true

-p

Specifies the password to be used during the test run for authorization.

This argument overrides the authorization password specified in your test project.

Note: The runner ignores this parameter if -E is specified. In this case, the password is taken from the environment settings.

-r

Commands the runner to include a summary report in the test log.

-R<args>

Specifies the type of the report data. Usage: -R<Report type>. For The Report type, use one of the following:

  • Security Issues Report – Creates a security report in the PDF format with information about all the security issues that were detected. For more information, see Security Issues Report.

  • SecurityTest Report – Creates a printable report with information on what scans were performed and the results of the scans. See Security Test Report for more information.

  • Data Export – Generates a report in the XML format. See Data Export For Automation.

    If you also use the -F argument to specify the report format, set it to XML or omit it.

Use the -f argument to specify the directory where the runner will save the generated report files.

Example:

-R"SecurityTest Report"

-s<test suite>

Specifies the test suite to be run.

In ReadyAPI, the names of the parent test suite and test case are shown in the Navigator panel right after the name of the security test in the following format: <security test> (<test suite> -> <test case>):

ReadyAPI: Parent Test Suite

If you do not specify this argument, the runner will launch all the security tests of the specified project.

Example:

"-sTestSuite 1"

-S

Commands the runner to save the test project after the test run is over. This command-line argument may be useful if you store data within the project during the test run.

-t<settings file>

Specifies the ReadyAPI settings file to use during the test run. If you skip this command-line argument, the runner will use the default soapui-settings.xml file located in your user directory.

Use this argument to specify another setting file for the run. It helps you use different proxy, SSL, HTTP and other settings without changing them in ReadyAPI.

Also, see the description of the -v argument.

-u<username>

Specifies the user name to be used for request authorization.

This argument overrides the user names specified in your test project.

Note: The runner ignores this parameter if -E is specified. In this case, the user name is taken from the environment settings.

-v<password>

Specifies the password for the XML settings file.

Also, check the description of the -t argument.

-w<password type>

Specifies the WSS password type. Usage: -w<password type>, where <password type> is one of the following:

  • Text – Corresponds to the PasswordText WSS password type.

  • Digest – Corresponds to the PasswordDigest WSS password type.

-x<password>

Specifies the project password in case the project is encrypted.

Examples

  • The following command runs all the security tests of the specified project:

    securitytestrunner.bat "C:\my projects\my-project.xml"
  • The following command runs the SecurityTest1 test of the specified project and exports the results in the PDF format to the C:/Results directory:

    securitytestrunner.bat -FPDF -f"C:\Test Results" -R"Security Issues Report" -nSecurityTest1 "C:\my projects\my-project.xml"

See Also

About the Command-Line Runner
Automating Test Runs
Security TestRunner Exit Codes
Security Tests Licenses

Highlight search results