42Crunch API Security Platform May 2021 Release

Our May 2021 update just went live, and I am here to tell you the details.

Updated CI/CD plugins and repository data in the platform

42Crunch provides off-the-shelf plugins for a variety of CI/CD pipelines.

These can discover OpenAPI files in the repository, upload them to the 42Crunch platform, perform Security Audit, and succeed or fail depending on the audit results.

We have released new major versions of these plugins:

  • For API collections and APIs created and updated by the plugins, the 42Crunch user interface now shows their repository information: repository, branch, and path

  • On subsequent runs, the plugins automatically update the API collection created for this repository and branch. APIs deleted from the branch get removed, new APIs added, existing APIs updated to the latest version of the OpenAPI file.
  • You can set up the plugins to create these branch collections as private or share them with your organization.

See our CI/CD documentation for details.

Security Audit improvements: Better loose pattern detection, 406 response check

We keep improving our static analysis – 42Crunch Security Audit.

  • Loose string pattern check now goes beyond the proverbial .* and .+ and covers many more similar patterns. About 160 more. 😉 This helps protect APIs against injection attacks and other unexpected inputs.
  • 406 response check helps follow the best practices and define the Not Acceptable API response.

Scan Report: Clear separation of tests and issues

Conformance Scan reports now clearly separate information on the tests performed and the issues that the tests uncovered.

Postman Collection

If you want to learn more about using 42Crunch’s own APIs for platform scripting and integration, we have published our official Postman collection.

And there’s more

See our release notes for other improvements, fixes, known issues, and compatible versions of the 42Crunch firewall and conformance scan agent.

Latest Resources


Something Old, Something New – OWASP API Security Top 10 in 2023

42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.


How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

By Mark Dolan | September 19, 2023

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier in the development lifecycle makes for longer-lived and more resilient software. The principles she advocates for are also what guides us at 42Crunch..


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.