{"id":8788,"date":"2020-06-16T01:00:24","date_gmt":"2020-06-16T00:00:24","guid":{"rendered":"https:\/\/staging-site.42crunch.com\/?p=8788"},"modified":"2022-11-24T09:51:49","modified_gmt":"2022-11-24T09:51:49","slug":"new-rest-api-static-security-testing-extension-bitbucket-pipelines","status":"publish","type":"post","link":"https:\/\/staging2022.42crunch.com\/new-rest-api-static-security-testing-extension-bitbucket-pipelines\/","title":{"rendered":"42Crunch Launches New REST API Static Security Testing Extension for Bitbucket Pipelines"},"content":{"rendered":"<p><b>IRVINE, CA, JUNE 16, 2020<\/b><span style=\"font-weight: 400;\"> \u2014 Today, the API security leader and creator of the industry\u2019s first API Firewall, 42Crunch, announced the launch of their new <a href=\"https:\/\/bitbucket.org\/product\/features\/pipelines\/integrations?p=42crunch\/api-security-audit\">REST API Static Security Testing extension<\/a> for Atlassian\u2019s code collaboration and CI\/CD solution, Bitbucket Pipelines. This extension enables companies to easily enforce secure API design right from their CI\/CD pipeline \u2014 making it easier than ever to enable a DevSecOps process for API security.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The transition to cloud-native, microservice-based and serverless architectures had led to proliferation of APIs. Applications now have components talking to each other via APIs over network. Thus, companies end up having hundreds if not thousands of APIs. As applications evolve, developers keep changing APIs and spinning up new ones each time a new component gets added to the system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">APIs thus have become the new application attack surface and the one that is extremely hard to control considering its constant change.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With the ever-rising privacy and cybersecurity requirements and the potential catastrophic consequences of a breach, companies are turning to DevSecOps approach to enable automated security static analysis and security testing as part of their CI\/CD pipelines. This allows companies to establish and maintain the security of their systems while maintaining agility and delivering business requirements.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The new <a href=\"https:\/\/bitbucket.org\/product\/features\/pipelines\/integrations?p=42crunch\/api-security-audit\">42Crunch extension for Bitbucket Pipelines<\/a> allows companies to add REST API static security testing (SAST) right into their CI\/CD pipeline. The benefits include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Reduced risk of breach<\/b><span style=\"font-weight: 400;\">: Locate API contract files in the repository and run 200+ security checks covering <\/span><span style=\"font-weight: 400;\">OpenAPI standard requirements<\/span><span style=\"font-weight: 400;\">, authentication, authorization, and both incoming and outgoing data validation. This ensures that no new or changed API can pass the test and get deployed to production if it does not meet your security standards.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Reduced fixing costs<\/b><span style=\"font-weight: 400;\">: Find and report security flaws at each pipeline run, providing immediate feedback to R&amp;D.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Increased R&amp;D efficiency<\/b><span style=\"font-weight: 400;\">: 42Crunch API Contract Security Audit does not give false positives. Every issue reported is worth looking into. Issues are prioritized by impact, so developers know where to start. Every issue comes with a detailed knowledge base article explaining the issue, its severity, exploit scenario, and ways to fix it.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-11514\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1.png\" alt=\"\" width=\"2048\" height=\"1154\" srcset=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1.png 2048w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1-300x169.png 300w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1-1024x577.png 1024w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1-768x433.png 768w, https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2020\/06\/bitbucket-report-2048x1154-1-1536x866.png 1536w\" sizes=\"(max-width: 2048px) 100vw, 2048px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">\u201cThe natural way to address the complex, agile, and decentralized nature of modern apps is to shift security left \u2013 make security part of the DevOps process to become DevSecOps,\u201d says Dmitry Sotnikov, Chief Product Officer at 42Crunch. \u201c<a href=\"https:\/\/bitbucket.org\/product\/features\/pipelines\/integrations?p=42crunch\/api-security-audit\">The 42Crunch REST API Static Security Testing Extension for Bitbucket<\/a> delivers REST API discovery and security audit right in customers\u2019 CI\/CD pipeline.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Now, any registered 42Crunch user who is also a user of Bitbucket Pipelines, can extend the pipeline with the 42Crunch REST API Security Audit Static Analysis extension. Check out our <\/span><a href=\"https:\/\/staging2022.42crunch.com\/tutorial-bitbucket-api-static-security-audit\/\"><span style=\"font-weight: 400;\">tutorial page<\/span><\/a><span style=\"font-weight: 400;\"> to see it in action!<\/span><\/p>\n<p><span style=\"font-weight: 400;\">42Crunch has also recently launched a freemium model with free self-service registration at <\/span><a href=\"https:\/\/platform.42crunch.com\/register\"><span style=\"font-weight: 400;\">https:\/\/platform.42crunch.com\/register<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Bitbucket Blog:<\/strong> <a href=\"https:\/\/bitbucket.org\/blog\/shift-left-with-code-insights-for-bitbucket-cloud?utm_source=42crunch&amp;utm_medium=partner&amp;utm_campaign=devops-mega-launch\">Shift left with Code Insights for Bitbucket Cloud\u00a0<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/staging2022.42crunch.com\/webinar-lets-shift-api-security-left\/\"><strong>Webinar: Let\u2019s shift API Security Left! Sure, but how?<\/strong><\/a><\/p>\n<p class=\"mt-4 mb-4 grey-out\">In this webinar, we will prep you with all the knowledge and tools you need to implement an automated, end-to-end API Security process that will get your dev, sec and ops teams speaking the same language.<\/p>\n<p>Through a mix of presentation and demos, we will:<\/p>\n<ul>\n<li class=\"mb-3 grey-out\">Review security risks at each stage of the API lifecycle, and how to mitigate them<\/li>\n<li class=\"mb-3 grey-out\">Show you how to implement an end-to-end automated API security model that development, security and operations teams will love<\/li>\n<li class=\"mb-3 grey-out\">Explain the importance of having a positive security model and how it works<\/li>\n<li class=\"mb-3 grey-out\">Provide a list of tools that will help you automate your API security, including our newest REST API Static Security Audit Extension for Bitbucket Pipelines!<\/li>\n<\/ul>\n<p><a href=\"https:\/\/staging2022.42crunch.com\/webinar-lets-shift-api-security-left\/\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-7846\" src=\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/11\/watch-now-button-300x135-1.png\" alt=\"\" width=\"242\" height=\"109\" \/><\/a><\/p>\n<p><strong>About 42Crunch<\/strong><\/p>\n<p><span style=\"font-weight: 400;\">42Crunch bridges the gap between API development and security teams with a simple, automated platform that provides auditing, live endpoint scanning, and micro API firewall protection. Unlike other solutions on the market, 42Crunch Platform empowers development, security, and operations teams with a set of integrated tools to easily build security into the foundation of the API and enforce those policies throughout the API lifecycle. By delivering security as code, you enable a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing integrity. Visit<\/span><a href=\"https:\/\/42crunch.com\"> <span style=\"font-weight: 400;\">https:\/\/42crunch.com<\/span><\/a><span style=\"font-weight: 400;\"> to learn more.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Visit our online community<\/span><a href=\"https:\/\/apisecurity.io\"> <span style=\"font-weight: 400;\">https:\/\/APIsecurity.io<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IRVINE, CA, JUNE 16, 2020 \u2014 Today, the API security leader and creator of the industry\u2019s first API Firewall, 42Crunch, announced the launch of their new REST API Static Security Testing extension for Atlassian\u2019s code collaboration and CI\/CD solution, Bitbucket Pipelines. This extension enables companies to easily enforce secure API design right from their CI\/CD [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":11365,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"42Crunch Launches Extension for Bitbucket Pipelines","_seopress_titles_desc":"42Crunch launches new REST API Static Security Testing extension &quot;API Audit&quot; for Atlassian\u2019s CI\/CD solution, Bitbucket Pipelines.","_seopress_robots_index":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"disabled","ast-hfb-above-header-display":"disabled","ast-hfb-below-header-display":"disabled","ast-hfb-mobile-header-display":"disabled","site-post-title":"disabled","ast-breadcrumbs-content":"disabled","ast-featured-img":"disabled","footer-sml-layout":"disabled","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[13],"tags":[22,25],"class_list":["post-8788","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-api-security-platform","tag-api-testing"],"_links":{"self":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/8788"}],"collection":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/comments?post=8788"}],"version-history":[{"count":0,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/posts\/8788\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media\/11365"}],"wp:attachment":[{"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/media?parent=8788"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/categories?post=8788"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging2022.42crunch.com\/wp-json\/wp\/v2\/tags?post=8788"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}