
 

 

API SCANNING


 

API Scanning is a process of testing your API endpoints to find any potential vulnerabilities.

 

Virsec DevSecOps API scans are performed on a runtime application using our fully packaged Docker image without any additional software installation. Please make sure you have the following prerequisites before running the scans.

 

PREREQUISITES

  1. Install CLI

  2. Install Docker if not already present

    1. Version 1.8X or greater

 

NOTE: 

Your source code doesn't leave your environment; Virsec DevSecOps doesn't store it or have any kind of access to it.

 

COMMAND

 

Run the following command from your console, replacing the placeholder values.

 

vsp_defense apiscan --api-key=<YOUR_API_KEY> --url="<REST_ENDPOINT_URL>" --project-name="<PROJECT_NAME>" --openapi-jsonurl="<OPEN_API_JSON_FILE_URL>"

 

 

 

 

PARAMETERS

 

The following parameters can be passed on the command line when running a scan.

 

| Options | Required | Description |
|---|---|---|
| --api-key | Yes | API key |
| --project-name | Yes | Name of the Project |
| --url | Yes | REST endpoint URL (Example: https://petstore.swagger.io) |
| --openapi-jsonurl | Yes | OpenAPI JSON URL (Example: https://petstore.swagger.io/v2/swagger.json) |

 

Sample

 

vsp_defense apiscan --api-key=<YOUR_API_KEY> --url="https://petstore.swagger.io/" --project-name="pdproject" --openapi-jsonurl="https://petstore.swagger.io/v2/swagger.json"
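
Added example, not part of the Virsec documentation: a wrapper for CI jobs that takes the four documented parameters from environment variables, checks them before the scan starts, and masks the API key in the logged command. The variable names (VSP_API_KEY, SCAN_URL, SCAN_PROJECT, SCAN_OPENAPI_URL) and the "scan" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Virsec code): CI wrapper for `vsp_defense apiscan`.
# Assumptions: the variable names VSP_API_KEY, SCAN_URL, SCAN_PROJECT and
# SCAN_OPENAPI_URL are hypothetical; only the four documented flags are used.

# Accept only http(s) URLs that contain no spaces.
valid_url() {
  case "$1" in
    *" "*) return 1 ;;
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Check every required input; report all problems, return non-zero on any.
check_inputs() {
  rc=0
  [ -n "${VSP_API_KEY:-}" ]  || { echo "error: VSP_API_KEY is empty" >&2; rc=1; }
  [ -n "${SCAN_PROJECT:-}" ] || { echo "error: SCAN_PROJECT is empty" >&2; rc=1; }
  valid_url "${SCAN_URL:-}" ||
    { echo "error: SCAN_URL is not an http(s) URL" >&2; rc=1; }
  valid_url "${SCAN_OPENAPI_URL:-}" ||
    { echo "error: SCAN_OPENAPI_URL is not an http(s) URL" >&2; rc=1; }
  return "$rc"
}

# Echo an argument list with the API key masked, for safe CI logging.
redact_args() {
  out="vsp_defense"
  for a in "$@"; do
    case "$a" in --api-key=*) a="--api-key=****" ;; esac
    out="$out $a"
  done
  printf '%s\n' "$out"
}

run_apiscan() {
  check_inputs || return 1
  command -v docker >/dev/null 2>&1 ||
    { echo "error: docker not found" >&2; return 1; }
  # Each flag is a single word: "--flag=value", no space after "=".
  set -- apiscan "--api-key=${VSP_API_KEY}" "--url=${SCAN_URL}" \
    "--project-name=${SCAN_PROJECT}" "--openapi-jsonurl=${SCAN_OPENAPI_URL}"
  redact_args "$@"
  vsp_defense "$@"
}

# Start the scan only when the script is called with "scan" as its argument.
if [ "${1:-}" = "scan" ]; then run_apiscan; fi
```

The key is masked in the log line only; it still appears in the process argument list while the scan runs, since the page documents only the --api-key flag for supplying it.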