{"id":13370,"date":"2022-09-07T19:05:37","date_gmt":"2022-09-07T18:05:37","guid":{"rendered":"https:\/\/42crdev.prexihost.com\/?page_id=13370"},"modified":"2023-09-22T15:08:38","modified_gmt":"2023-09-22T14:08:38","slug":"cicd-api-integrations","status":"publish","type":"page","link":"https:\/\/staging2022.42crunch.com\/cicd-api-integrations\/","title":{"rendered":"CI\/CD"},"content":{"rendered":"\n\n\t\t

\n\t\t\tCI\/CD\n\t\t\t\t\t\tSecure APIs from inside your CI\/CD Pipeline\n\t\t<\/h1>\n\tOWASP has identified “Improper Assets Management” as one of the 10 Most Critical API Security Risks.
\nRunning the\u00a042Crunch API Audit from inside your Continuous Integration and Continuous Development (CI\/CD)
\npipeline prevents insecure APIs from reaching production.\n\t\t

\n\t\t\tOptimize\n\t\t\t\t\t\t\t\t\t\t\tyour OpenAPI files\n\t\t<\/h2>\n\t\t\t

42Crunch API Audit powers your Continuous Integration and Continuous Development (CI\/CD) pipeline by acting as a linter that analyzes your OpenAPI (Swagger) files. It performs a static analysis of each OpenAPI definition file, running over 300 checks that enforce best practices and identify potential vulnerabilities. An auto-generated report identifies any issues, ranked by severity, across a number of criteria such as security, data validation, schemas and specification format. It also offers remediation advice on how to fix these issues.<\/p>\t\t\n\t\tBitbucket\n\t\tAzure Pipelines\n\t\tAtlassian Bamboo\n\t\tJenkins\n\t\tGitLab\n\t\tGitHub Actions\n\t\tSonarQube\n\t\t

\n\t\t\tSingle Source\n\t\t\t\t\t\t\t\t\t\t\tof Truth\n\t\t<\/h2>\n\t\t\t

The OpenAPI definition file makes it easy for DevSecOps teams to adhere to the highest quality standards as everyone is working on a single shared source of truth. Prior to pushing the API into production, developer and security teams test the API against the OpenAPI contract to ensure the actual API matches its definition. This positive security approach is superior to that of traditional\u00a0Static Application Security Testing (SAST) tools, which are limited by lengthy scan times and poor accuracy, returning too many false positives, and eroding developer trust.<\/p>\t\t\n\t\t

\n\t\t\tCheck out\n\t\t\t\t\t\t\t\t\t\t\tour other integrations\n\t\t<\/h2>\n\t