API Security Audit using OpenAPI Swagger Editor Extension in VS Code

Identify and fix issues in the OpenAPI (formerly Swagger) definition file using the API Audit, available via the OpenAPI Editor in Microsoft Visual Studio Code (VS Code).

Extension Overview

Below is an example of the 42Crunch OpenAPI (Swagger) extension for VS Code. If you do not already have it, just go to Extensions and search for OpenAPI.

The extension shows an extra panel on the left that helps navigate through your OpenAPI (Swagger) definition. The extension also provides time-saving templates that make creating new API definitions a breeze.

API Contract Security Audit in VS Code

To run an audit, click on the 42Crunch icon in the top right of your screen. The first time you run the audit, you must provide your email address so that we can send you an API key that VS Code can use to authenticate to our service.

Navigating Found Issues

The audit report is similar to the report that you get in 42Crunch Platform. Issues are highlighted in red. If you click on an issue, you can view its description and remediation on the right.

Another place to view the found issues is the Problems panel in VS Code. By default, the issues are organized by priority, and you can scroll through them and click on them individually, or search for specific issues at the top.

All in all, the function is very similar to the platform UI: the extension uses the same API behind the scenes. However, if you are a development IDE user, the extension provides a more familiar experience, and you do not need to switch between the different tools or windows to get your API secure by design.

Latest Resources


Something Old, Something New – OWASP API Security Top 10 in 2023

42Crunch’s Colin Domoney takes a look at the new OWASP API Security 2023 listing, identifying which vulnerabilities are new, which have not changed and which have been removed.


How to Embed API Security Testing into the Development Lifecycle without Delaying Production Rollout

By Mark Dolan | September 19, 2023

This is the first in a 3-part series of blogs exploring how 42Crunch assists enterprises with API security compliance. In her seminal blogpost, “Shifting Security to the Left” Shannon Lietz explains how including security testing earlier in the development lifecycle makes for longer-lived and more resilient software. The principles she advocates for are also what guides us at 42Crunch..


APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.