42Crunch Security Audit includes 200+ static analysis security checks for OpenAPI format conformance, authentication, authorization, transport, data validation, and API security best practices. In the past, there were limitations to the complexity of the contracts that could be audited. Not anymore. Now any OpenAPI files up to 10 MB in file size can be audited.<\/p>\n
We also made the security audit compatible with some OpenAPI format issues that in the past were blocking the audit. Thus, pretty much any API contracts sufficiently following the standard can now be analyzed.<\/p>\n
This change is live both in our online platforms and all our plugins: IDE, CI\/CD, repository, SonarQube<\/a>.<\/p>\n 42Crunch Conformance Scan<\/a> is the dynamic testing part of the 42Crunch suite. It used to only run from the cloud, which created connectivity and client confidentiality issues. After all, many companies want to test internal or pre-production APIs that are not accessible from the internet and do not have a dedicated 42Crunch deployment.<\/p>\n Now, with Private cloud scan<\/a>, you can run the 42Crunch scan agent on any computer by simply using the docker image or a centralized Kubernetes deployment and simply supply the id of the scan configuration and whatever custom parameters (like access token and endpoint URL) that you want to be changed for that run.<\/p>\n With that change, we are also making on-premises scan available to all our community users.<\/p>\n We have released a set of extensions to the OpenAPI standard that allow taking API runtime protection to the next level<\/a>:<\/p>\nPrivate Cloud Conformance Scan<\/h2>\n
![\"\"](\"https:\/\/staging2022.42crunch.com\/wp-content\/uploads\/2022\/11\/On-prem-scan-1536x645-1.png\")
<\/p>\nJWT, Security Headers, Rate Limit Protections<\/h2>\n