{"id":17814,"date":"2023-12-05T14:56:05","date_gmt":"2023-12-05T14:56:05","guid":{"rendered":"https:\/\/staging2022.42crunch.com\/?p=17814"},"modified":"2024-09-03T14:20:54","modified_gmt":"2024-09-03T13:20:54","slug":"tutorial-security-conformance-scan-openapi-swagger-extension-vs-code","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/tutorial-security-conformance-scan-openapi-swagger-extension-vs-code\/","title":{"rendered":"API Security &#038; Conformance Scan using OpenAPI Swagger Editor Extension in VS Code"},"content":{"rendered":"\n\n\t<p>Tutorials<\/p>\n\n\t<section>\n<section>\n<p>A <a href=\"https:\/\/staging2022.42crunch.com\/api-conformance-scan\/\">dynamic security scan<\/a> of your API to check for conformance against the API design (OpenAPI contract) and security vulnerabilities such as BOLA and BFLA. The tutorial videos below are relevant for all the available IDEs. API Scan is also available on the 42Crunch Platform and CI\/CD platforms such as GitHub Actions and Azure DevOps.<\/p>\n<\/section>\n<\/section>\n<h3>\n\t\tQuick Links\n\t<\/h3>\n\t<ul>\n<li><a href=\"#Activate-scan\">Activate API Scan<\/a><\/li>\n<li><a href=\"#ScanViewer\">Overview of the Scan Configuration Viewer<\/a><\/li>\n<li><a href=\"#First-scan\">Run Your First Scan<\/a><\/li>\n<li><a href=\"#VariableSubstitution\">Use Variable Substitution<\/a><\/li>\n<li><a href=\"#Authentication\">Setup Dynamic API Authentication<\/a><\/li>\n<li><a href=\"#HappyPathScenarios\">Create API Happy Path Scenarios<\/a><\/li>\n<li><a href=\"#Global-blocks\">Setup and Teardown using Global Blocks<\/a><\/li>\n<li><a href=\"#Broken-authorization\">Test for Broken Authorization<\/a><\/li>\n<\/ul>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/884864394?h=b167153ec4&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tActivate API Scan \n\t<\/h2>\n\t<section>\n<p>You can run the <a href=\"https:\/\/staging2022.42crunch.com\/api-conformance-scan\/\">dynamic API Scan security test<\/a> locally on your machine without having to share the API. Activation differs slightly between free and paying customers. Please refer to the relevant video below.<\/p>\n<\/section>\n<h3>\n\t\tPaying Customers\n\t<\/h3>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/889847463?h=9e86772bb9&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h3>\n\t\t Free Customers\n\t<\/h3>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/948999586?h=ea6c567aac&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tOverview of the Scan Configuration Viewer\n\t<\/h2>\n\t<section>\n<p>Explanation of the scan configuration viewer where you configure and run your scan tests<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/919389375?h=41ea756320&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890193798?h=5d973f3738&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tRunning your first API Scan\n\t<\/h2>\n\t<section>\n<p>Learn how to configure and run your first API Scan and read the results<\/p>\n<\/section>\n<h2>\n\t\tUse Variable Substitution\n\t<\/h2>\n\t<section>\n<p>Variable substitution is a powerful feature that enables dynamic changes to your requests and responses<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/948188203?h=68df9bf197&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890206022?h=d08ef6b01d&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tSetup  Dynamic API Authentication\n\t<\/h2>\n\t<section>\n<p>Authentication tokens such as OAuth or an API key may be required In order to test your API. Find out how to configure the scan for dynamic authentication.<\/p>\n<\/section>\n<h2>\n\t\tAPI Happy Path &#8220;Scanarios&#8221;\n\t<\/h2>\n\t<section>\n<p>You can add additional operations and requests to your scan configuration scenario to create more complex test scenarios. Take a look at the video explainer.<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/890247418?h=24935ed70d&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/919459346?h=c947a2ca41&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n<h2>\n\t\tSetup and Teardown using Global Blocks\n\t<\/h2>\n\t<section>\n<p>Set up and tear down test resources or create test states to test the API using before and after blocks e.g. Create a new test user account, run tests and then delete the new user<\/p>\n<\/section>\n<h2>\n\t\tTest for Broken Authorization\n\t<\/h2>\n\t<section>\n<p>Find out how to test your APIs for Authorization vulnerabilities such as OWASP API 01:2023 &#8211; Broken Object Level Authorization (BOLA) or OWASP API 05:2023 &#8211; Broken Functional Level Authorization (BFLA) using the 42Crunch API Scan tool.<\/p>\n<\/section>\n\t<iframe src=\"https:\/\/player.vimeo.com\/video\/921897781?h=cecfa93ad5&amp;badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe>\n\n","protected":false},"excerpt":{"rendered":"<p>Tutorial on how to run the 42Crunch API security Scan from the OpenAPI (Swagger) Editor extension in VS Code and how to navigate the results.<\/p>\n","protected":false},"author":7,"featured_media":12267,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"API Security and Conformance Scan on the OpenAPI (Swagger) Editor Extension for VS Code ","_seopress_titles_desc":"Tutorial on how to run the 42Crunch API security and conformance scan from the OpenAPI (Swagger) Editor extension in VS Code and how to navigate the report.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"disabled","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[11],"tags":[22,16,19],"class_list":["post-17814","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-api-security-platform","tag-api-security-training","tag-openapi-swagger-editor"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=17814"}],"version-history":[{"count":2,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814\/revisions"}],"predecessor-version":[{"id":19005,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/17814\/revisions\/19005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=17814"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=17814"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=17814"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}