42Crunch Launches New REST API Static Security Testing Extension for Bitbucket Pipelines

IRVINE, CA, JUNE 16, 2020 — Today, the API security leader and creator of the industry’s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Atlassian’s code collaboration and CI/CD solution, Bitbucket Pipelines. This extension enables companies to easily enforce secure API design right from their CI/CD pipeline — making it easier than ever to enable a DevSecOps process for API security.

The transition to cloud-native, microservice-based and serverless architectures had led to proliferation of APIs. Applications now have components talking to each other via APIs over network. Thus, companies end up having hundreds if not thousands of APIs. As applications evolve, developers keep changing APIs and spinning up new ones each time a new component gets added to the system.

APIs thus have become the new application attack surface and the one that is extremely hard to control considering its constant change.

With the ever-rising privacy and cybersecurity requirements and the potential catastrophic consequences of a breach, companies are turning to DevSecOps approach to enable automated security static analysis and security testing as part of their CI/CD pipelines. This allows companies to establish and maintain the security of their systems while maintaining agility and delivering business requirements. 

The new 42Crunch extension for Bitbucket Pipelines allows companies to add REST API static security testing (SAST) right into their CI/CD pipeline. The benefits include:

  • Reduced risk of breach: Locate API contract files in the repository and run 200+ security checks covering OpenAPI standard requirements, authentication, authorization, and both incoming and outgoing data validation. This ensures that no new or changed API can pass the test and get deployed to production if it does not meet your security standards.
  • Reduced fixing costs: Find and report security flaws at each pipeline run, providing immediate feedback to R&D.  
  • Increased R&D efficiency: 42Crunch API Contract Security Audit does not give false positives. Every issue reported is worth looking into. Issues are prioritized by impact, so developers know where to start. Every issue comes with a detailed knowledge base article explaining the issue, its severity, exploit scenario, and ways to fix it.



“The natural way to address the complex, agile, and decentralized nature of modern apps is to shift security left – make security part of the DevOps process to become DevSecOps,” says Dmitry Sotnikov, Chief Product Officer at 42Crunch. “The 42Crunch REST API Static Security Testing Extension for Bitbucket delivers REST API discovery and security audit right in customers’ CI/CD pipeline.”

Now, any registered 42Crunch user who is also a user of Bitbucket Pipelines, can extend the pipeline with the 42Crunch REST API Security Audit Static Analysis extension. Check out our tutorial page to see it in action!

42Crunch has also recently launched a freemium model with free self-service registration at


Bitbucket Blog: Shift left with Code Insights for Bitbucket Cloud 


Webinar: Let’s shift API Security Left! Sure, but how?

In this webinar, we will prep you with all the knowledge and tools you need to implement an automated, end-to-end API Security process that will get your dev, sec and ops teams speaking the same language.

Through a mix of presentation and demos, we will:

  • Review security risks at each stage of the API lifecycle, and how to mitigate them
  • Show you how to implement an end-to-end automated API security model that development, security and operations teams will love
  • Explain the importance of having a positive security model and how it works
  • Provide a list of tools that will help you automate your API security, including our newest REST API Static Security Audit Extension for Bitbucket Pipelines!

About 42Crunch

42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit to learn more. 

Visit our online community

Latest Resources


Top Things You Need to Know About API Security

Two of the API security industry’s leading experts, Dr Philippe de Ryck and Isabelle Mauny, guide you through some real-world cases of API security attacks and also share some best practices for securing your APIs.


What’s the best way to test an API for vulnerabilities? RTFM

By Tom Chang | June 11, 2024

If you’re a child of the 80s like me, you may have had the distinction of being the only one in your house who knew how to program your VCR. My motivation was strong. Clarinet lessons were interfering with my favorite show, the A Team. I was the […]


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.