42Crunch Launches New REST API Static Security Testing Extension for Azure Pipelines 

Enables Azure DevOps customers to extend their DevSecOps practices to REST APIs

IRVINE, CA, MARCH 18, 2020 — Today, the API security leader and creator of REST API DevSecOps tooling and the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Microsoft Azure Pipelines. This extension enables companies to easily enforce secure API design right from their CI/CD pipeline.  

With REST API proliferation and REST APIs becoming one of the top attack vectors, ensuring that all APIs that a company develops and hosts are secure by design can be a problem. And with CI/CD, any new API or any modification to existing APIs that developers add can get pushed to production without proper checks on security. Up until now, there has been no extension in the Azure marketplace that would have been specifically geared for the static analysis of REST API security.

The new 42Crunch extension for Microsoft Azure Pipelines allows companies to add REST API static security testing (SAST) right into their CI/CD pipeline. The benefits include:

  • Reduced risk of breach: Locate API contract files in the repository and run 200+ security checks covering OpenAPI standard requirements, authentication, authorization, and both incoming and outgoing data validation. This makes sure that no new or changed API can pass the test and get deployed to production if it does not meet your security standards.
  • Reduced fixing costs: Find and report security flaws at each pipeline run, providing immediate feedback to R&D.  
  • Increased R&D efficiency: 42Crunch API Contract Security Audit does not give false positives. Every issue reported is worth looking into. Issues are prioritized by impact, so developers know where to start. Every issue comes with a detailed knowledge base article explaining the issue, its severity, exploit scenario, and ways to fix it.

“Modern software development trends, such as cloud-native architectures, microservices, and serverless, have led to companies spinning up hundreds or even thousands of APIs,” says Jacques Declas, the CEO and founder of 42Crunch. “Agile processes and DevOps lead to new APIs being developed and existing APIs getting changed every day. No manual policies or checks can ensure that they are all securely designed and follow all the modern API security best practices. Today, 42Crunch is releasing an off-the-shelf API security extension for Azure DevOps to allow Azure Pipelines customers to automatically discover APIs built by their pipelines, and ensure that these APIs are secure by design.”

“DevSecOps has become the way for teams to stay agile and deliver business value while maintaining a high level of systems security,” says Steven Murawski, Cloud Advocate at Microsoft. “While Azure Pipelines already had security testing extensions for various parts of the application stack, there had been a glaring gap of the one specifically designed for REST APIs. We are happy to see 42Crunch bridge that gap with their solution.”

Now, any registered 42Crunch user who is also a user of Azure DevOps pipeline, can extend the pipeline with the 42Crunch REST API Security Audit Static Analysis extension.

Last year, 42Crunch launched an OpenAPI (Swagger) Editor for VS Code as part of an overall strategy to simplify and automate API security. The extension has been well received with a 5 star rating, and more than 47,000 installs. You can download it for free here.

42Crunch has also recently launched freemium model with free self-service registration at


REST API Security by Design with Azure Pipelines

Join Microsoft and 42Crunch for a live webinar Wednesday March 25th at 8am PST / 11am EST for a deep dive into a shift-left security approach using OpenAPI, Azure Pipelines, and 42Crunch.


About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API, and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more. 

Visit our online community


Latest Resources


Top Things You Need to Know About API Security

Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.


What’s the best way to test an API for vulnerabilities? RTFM

By Tom Chang | June 11, 2024

If you’re a child of the 80s like me, you may have had the distinction of being the only one in your house who knew how to program your VCR. My motivation was strong. Clarinet lessons were interfering with my favorite show, the A Team. I was the […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.