42Crunch Security Audit performs over 200 checks on your API contract to verify that it conforms to the OpenAPI Specification and does not contain security issues.
The Audit can be customized to skip certain checks. The simple steps to create and apply a customization are described below.
1. Create a Tag
- From the top navigation dropdown menu, open the Tags page
- In the 'Categories' pane, select the 'Audit_Customizations' category
- In the Audit_Customizations pane, click the '+ Add' button to add a new Tag. Enter a Tag name when prompted (e.g. Demo_Tag)
2. Create an Audit Rule for the Tag
- From the top navigation dropdown menu, open the Customizations page
- On the 'Customizations' pane, click the 'Add' dropdown button and select 'Audit Rule'
- Enter a name for the rule (e.g. 'Demo-Audit-Rule')
- Select the Audit_Customizations tag category
- Select the new Tag you created earlier
- Click the 'Configure skipped checks' button
- From the dropdown menu select the check(s) you want the Security Audit to skip
- Click the 'Create the rule now' button
3. Add the Tag to your API Contract
- Open the API Summary page for your API contract
- Scroll down to the 'Tags' dropdown menu
- Select the new Tag you created earlier
- Click anywhere outside of the menu to save the Tag on your API contract
- Rerun the Security Audit on this API contract to view the new results, which now skip the Audit checks you selected