Integrate Security Audit with Eclipse IDE

You can integrate API Security Audit with Eclipse IDE through the extension OpenAPI (Swagger) Editor.

For more details on Eclipse integration, see Eclipse integration.

  1. Install the OpenAPI (Swagger) Editor extension in your Eclipse editor.
  2. Open the API you want in Eclipse in .json or .yaml format.
  3. To run Security Audit from Eclipse, click the 42C button at the top edge of the workbench. Security Audit checks your API definition and provides an audit score and a report on the issues found, shown in the editor just like in the platform. The elements containing issues are also marked in your code. For more details, see Audit report in Eclipse.

    An example screenshot of an audited API definition in Eclipse.

    The extension uses a token to authenticate to Security Audit. The first time you run an audit, you must provide your email address so that we can send you the token. Follow the instructions on the UI. You configure the token only once. On subsequent audits, you just click the button.

  4. In the Problems view, scroll through the issue titles, and click on an issue to jump to view it inline in your API definition. The issues are ordered from most to least severe, so it is easy to fix the worst offenders first. Recommendations are not listed in the Problems panel.
  5. Hover on an element marked in your code to see the list of issues in that spot, and click on the list to filter the text panel to show only these issues.
  6. Edit your API definition to fix the issues found, save your changes, and click the 42C button to re-run the audit.

View API collections in the IDE

In addition to running Security Audit, you can also view and manage API collections available to you in 42Crunch Platform directly in the IDE. The IDE extension uses IDE tokens to access and authenticate to 42Crunch Platform. You can create IDE tokens in 42Crunch Platform, either on the landing page or in your account settings.

Creating IDE tokens requires a user account in 42Crunch Platform. If you have so far just used the token that was mailed to you when you first ran Security Audit in the IDE, you must sign up for an account before you can configure the integration for viewing the APIs and API collections in your IDE.

  1. Log in to 42Crunch Platform and click Create a new IDE token on the landing page.
  2. Copy the value of your IDE token. You need it to configure your IDE extension.
  3. In Eclipse, go to Preferences > OpenAPI (Swagger) Editor.
  4. Enter the URL your organization uses to access 42Crunch Platform. For most users, this is https://platform.42crunch.com. If you are not sure what your platform URL is, contact our support.
  5. Enter the value of the IDE token you copied, then click Apply and Close. The IDE extension can now read the API collections available to you and the APIs in them, and show them in the 42Crunch view.

    The screenshot shows an example of an API in the API collection browser in Eclipse.

  6. To open the API definition in the IDE, click OpenAPI definition. To view the audit report, click Security Audit.
  7. To open the API definition in 42Crunch Platform, rename it, or delete it, right-click on the API, and select the action you want.

    Deleting an API permanently removes it from 42Crunch Platform. This action cannot be undone.