IDE integration
The earlier you start thinking about the well-formedness and security of your APIs, the less you need to backtrack to fix issues later on. Following best practices from the moment you start developing your OpenAPI definitions makes getting it right less of a chore. You can install the OpenAPI (Swagger) Editor extension in your integrated development environment (IDE) to integrate API Security Audit with it. This lets you start auditing your OpenAPI definition while you are still working on it.
You can also integrate Security Audit with your CI/CD pipeline so that any changes to APIs in your project are automatically audited for security. For more details, see CI/CD integrations.
Supported IDEs
The integration extension OpenAPI (Swagger) Editor is currently available for the following IDEs:
- Microsoft Visual Studio Code (VS Code)
- JetBrains IntelliJ IDEA
- Eclipse IDE
You can find links to more details on all supported options on the 42Crunch Platform landing page.
The IDE extension uses IDE tokens to access and authenticate to 42Crunch Platform. You can create IDE tokens in 42Crunch Platform, either on the landing page or in your account settings.
VS Code integration
The OpenAPI (Swagger) Editor for VS Code makes creating and navigating OpenAPI definitions quicker and easier, and integrates Security Audit with VS Code.
With the OpenAPI extension, you can run Security Audit straight from the VS Code window: just click the 42C button at the top edge. You need a token to authenticate to Security Audit, so the first time you run it you must provide your email address so that we can send you the token.
Audit report in VS Code
Like in 42Crunch Platform, running Security Audit from VS Code gives an audit score for the API definition and produces a report on the issues found. However, navigating a report is a bit different from the platform UI.
The scoring, issue IDs, and the descriptions and remediations for all found issues are shown on the right. The status bar at the bottom left shows a quick overview of the severity levels of the found issues:
- [icon]: critical or high
- [icon]: medium
- [icon]: low
You can click on the icons to open the Problems view that shows the titles of critical, high, and medium issues.
The color blocks in the minimap show where in your API definition the issues occur, so you can easily jump to that spot in your code. In the code, wavy lines in a matching color mark the affected element, and hovering over it shows all issues in that spot.
You can also open an audit report exported from 42Crunch Platform and view it in VS Code. See Load audit report from a file.
IntelliJ integration
The OpenAPI (Swagger) Editor for IntelliJ IDEA makes creating and navigating OpenAPI definitions quicker and easier, and integrates Security Audit with IntelliJ.
With the OpenAPI extension, you can run Security Audit straight from the IntelliJ window: just click the 42C button at the top edge. You need a token to authenticate to Security Audit, so the first time you run it you must provide your email address so that we can send you the token.
Audit report in IntelliJ
Like in 42Crunch Platform, running Security Audit from IntelliJ gives an audit score for the API definition and produces a report on the issues found. However, navigating a report is a bit different from the platform UI.
The scoring, issue IDs, and the descriptions and remediations for all found issues are shown on the right.
You can click on the icons to open the Problems view that shows the titles of critical, high, and medium issues:
- [icon]: critical or high
- [icon]: medium
- [icon]: low
The color blocks in the minimap show where in your API definition the issues occur, so you can easily jump to that spot in your code. In the code, wavy lines in a matching color mark the affected element, and hovering over it shows all issues in that spot.
You can also open an audit report exported from 42Crunch Platform and view it in IntelliJ. See Load audit report from a file.
Eclipse integration
The OpenAPI (Swagger) Editor for Eclipse IDE makes creating and navigating OpenAPI definitions quicker and easier, and integrates Security Audit with Eclipse.
With the OpenAPI extension, you can run Security Audit straight from the Eclipse window: just click the 42C button at the top edge of the workbench. You need a token to authenticate to Security Audit, so the first time you run it you must provide your email address so that we can send you the token.
Audit report in Eclipse
Like in 42Crunch Platform, running Security Audit from Eclipse gives an audit score for the API definition and produces a report on the issues found. However, navigating a report is a bit different from the platform UI.
The scoring, issue IDs, and the descriptions and remediations for all found issues are shown on the right.
You can click on the icons to open the Problems view that shows the titles of critical, high, and medium issues:
- [icon]: critical or high
- [icon]: medium
- [icon]: low
The color blocks in the minimap in the editor show where in your API definition the issues occur, so you can easily jump to that spot in your code. In the code, dashed lines in a matching color mark the affected element, and hovering over it shows all issues in that spot.