Security Editor and extensions for third-party editors

API Contract Security Audit tells you the state of security in your APIs and what kind of issues are hiding in their OpenAPI (formerly Swagger) definitions. However, running Security Audit on your APIs does not in itself make them more secure; it only provides a road map for you. To increase the security of your APIs, you must fix the issues in the OpenAPI definitions that Security Audit found.

Note: The issues represent real concerns in your OpenAPI definition, and they may either prevent API Protection completely or severely impact its quality. We highly recommend that you fix all found issues.

You can edit API definitions either directly in 42Crunch Platform with Security Editor, or outside the platform in an external editor. If you use Microsoft Visual Studio Code (VS Code) or JetBrains IntelliJ IDEA, you can install our extension in your editor and run Security Audit on the OpenAPI definition you are working on right in your editor.

Tip: You can also integrate Security Audit with your CI/CD pipeline so that any changes to APIs in your project are automatically audited for security. For more details, see CI/CD integrations.

Security Editor

The Security Editor tab enables you to fix the issues that Security Audit found directly in 42Crunch Platform.

You can see the issues Security Audit found in your API and your API definition side by side, so comparing them is easy. If you click an issue, Security Editor shows where in the API definition the issue is located, and you can view its details:

An example screenshot of Security Editor with encyclopedia article open on the right.

The small scoreboard at the top of the list shows how well your API scored overall and how the score is split between security and data definition quality.

Screenshot of an example scoreboard

By default, Security Editor shows all found issues in the list, but you can filter the shown issues based on the severity level.

The editor shows you the API definition in the format (JSON or YAML) in which it was imported to the platform. However, you can switch between the formats in the editor as needed.

Note: If you switch the format in the editor and save the API definition, it is converted to the new format. For more details, see Convert APIs.

Visual Studio Code extension

The OpenAPI (Swagger) Editor for VS Code makes creating and navigating OpenAPI definitions quicker and easier, and integrates Security Audit with VS Code.

An example screenshot of the OpenAPI extension in VS Code.

With the OpenAPI extension, you can run Security Audit straight from the VS Code window: just click the 42C button at the top edge. You need a token to authenticate to Security Audit, so the first time you run it you must provide your email address so that we can send you the token.

Audit report in VS Code

Like in 42Crunch Platform, running Security Audit from VS Code gives an audit score for the API definition and produces a report on the found issues. However, navigating the report is a bit different from the platform UI.

An example screenshot of an audited API definition in VS Code.

The scoring and the descriptions and remediations for all found issues are shown on the right. The status bar at the bottom left shows a quick overview of the severity levels of the found issues, one icon per level:

  • critical or high
  • medium
  • low

You can click on the icons to open the Problems view that shows the titles of critical, high, and medium issues.

The color blocks in the minimap show where in your API definition the issues occur, so you can easily jump to the spot in your code. In the code, wavy lines in matching color mark the affected element, and hovering over it shows all issues in that spot.

IntelliJ extension

The OpenAPI (Swagger) Editor for IntelliJ IDEA makes creating and navigating OpenAPI definitions quicker and easier, and integrates Security Audit with IntelliJ.

An example screenshot of the OpenAPI extension in IntelliJ.

With the OpenAPI extension, you can run Security Audit straight from the IntelliJ window: just click the 42C button at the top edge. You need a token to authenticate to Security Audit, so the first time you run it you must provide your email address so that we can send you the token.

Audit report in IntelliJ

Like in 42Crunch Platform, running Security Audit from IntelliJ gives an audit score for the API definition and produces a report on the found issues. However, navigating the report is a bit different from the platform UI.

An example screenshot of an audited API definition in IntelliJ.

The scoring and the descriptions and remediations for all found issues are shown on the right. The status bar at the bottom left shows a quick overview of the severity levels of the found issues, one icon per level:

  • critical or high
  • medium
  • low

You can click on the icons to open the Problems view that shows the titles of critical, high, and medium issues.

The color blocks in the minimap show where in your API definition the issues occur, so you can easily jump to the spot in your code. In the code, wavy lines in matching color mark the affected element, and hovering over it shows all issues in that spot.