Questions Answered: REST API Security by Design with Azure Pipelines

You had questions, and we’ve got answers!

Thank you for all the questions submitted on our “REST API Security by Design with Azure Pipelines” webinar. Below are all the answers to the questions that were asked. If you’d like more information please feel free to contact us.

REST API Security for Microsoft Azure Pipelines. Watch Webinar

REST API Security for Microsoft Azure Pipelines Slide Deck Download

I know this API Security Audit requires a Token to call it from VS Code, is there any limitation on the # of calls or licensing associated?

Neither the VS Code plugin nor the Azure DevOps extension have limits on the number of security audits run. However, there is a rate limit of 3 calls per minute from the same IP. 

There is a difference in behavior of these two extensions though. The VS Code extension is a personal developer tool, so the report is only shown to the individual developer using it and not stored anywhere.

The Azure DevOps extension is publishing the reports to the central 42Crunch platform so your whole team can get access to them. Thus, the licensing limits of the 42Crunch subscription starts playing a role here. 42Crunch has a free tier up to 3 APIs and monthly subscription options beyond that. The number of updates to these APIs or the number of times you call the platform for security testing is not limited.


Is there any software that can generate an API file for a code written in any programming language?

Yes, OpenAPI standard has a broad industry support. You can find most tools supporting it at as well as


How is the 42Crunch Platform connected to Azure DevOps?

Azure DevOps is connecting to the 42Crunch platform via API and pushing OpenAPI files to be tested to it. The Azure DevOps extension then collects the security testing results, displays them in the pipeline, and makes the success or failure decision based on the criteria that you set.


Will there be support for other Cloud vendors in the roadmap?

42Crunch API Security platform can work with APIs developed and hosted in any cloud. It is not dependent on Azure in any way. In this particular webinar, we have been demonstrating our extension for Azure DevOps CI/CD pipeline. 

We have a few internal plugins for other CI/CD platforms so if you are using something else please fill out the Contact Us form on our website to request access.


It’s a cloud service. How about privacy? How will my data be handled?

42Crunch is indeed a multi-tenant cloud service. Please see our Terms & Conditions for details:


This is a real cool plugin. Is there one available for java developers (like IntelliJ, Eclipse)?

Non VS Code plugins are in the works. Please fill out the Contact Us form on our website so we can notify you when we are ready to start our private beta for them.


Do you have plans to make an on-prem version of your platform, or at least the audit service?

On-prem version of 42Crunch platform is available for large enterprise customers. If you are interested, please fill out the Contact Us form on our website.


What about integration with Stoplight is a powerful design first platform. 42Crunch integration will be a great add. does not have a model of 3rd-party extensions. We are hoping to find a way to work with Stoplight to plug our tests into their platform.


42Crunch REST API Static Security Testing Extension for Azure Pipelines



Try our security audit for free. If you want to see the whole platform in action, request a demo now!

Latest Resources


Webinar Series - Defending APIs with Jim Manico

Defending APIs with Jim Manico – Episode 1

Episode 1: Request Forgery on the Web – CSRF & SSRF

November 10, 2022 | 9am PST | 5pm BST

Join Jim Manico, CEO of Manicode and Colin Domoney from 42Crunch, as they deliver a 2-part webinar series to help developers better defend APIs.


42Crunch Announce OWASP Membership

42Crunch becomes a member of OWASP to Advance API Security 

By Newsdesk | November 14, 2022

November 14, 2022, San Francisco, CA –  42Crunch is pleased to announce our corporate membership of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. At 42Crunch we have always been inspired by OWASP’s role as an enabler […]


Datasheet Cover Images P1-02

Product Datasheet Addressing API Security Challenges

APIs are the core building block of every enterprise’s digital strategy, yet they are also the number one attack surface for hackers. 42Crunch makes developers’ and security practitioners' lives easier by protecting APIs, with a platform that automates security into the API development pipeline and gives full oversight of security policy enforcement at every stage of the API lifecycle.

Ready to Learn More?

Developer-first solution for delivering API security as code.