API SCANNING
API scanning is the process of testing your API endpoints to find potential vulnerabilities.
Virsec DevSecOps API scans are performed on a runtime application using our fully packaged Docker image without any additional software installation. Please make sure you have the following prerequisites before running the scans.
PREREQUISITES
NOTE:
Your source code doesn't leave your environment. Virsec DevSecOps doesn't store it or have any kind of access to it.
COMMAND
Run the following command from your console, replacing the placeholder values.
vsp_defense apiscan --api-key=<YOUR_API_KEY> --url="<REST_ENDPOINT_URL>" --project-name="<PROJECT_NAME>" --openapi-jsonurl="<OPEN_API_JSON_FILE_URL>"
PARAMETERS
The following parameters can be passed on the CLI when running a scan.

| Options | Required | Description |
| --- | --- | --- |
| --api-key | Yes | API key |
| --project-name | Yes | Name of the project |
| --url | Yes | REST endpoint URL (Example: https://petstore.swagger.io) |
| --openapi-jsonurl | Yes | OpenAPI JSON URL (Example: https://petstore.swagger.io/v2/swagger.json) |

SAMPLE
vsp_defense apiscan --api-key=<YOUR_API_KEY> --url="https://petstore.swagger.io/" --project-name="pdproject" --openapi-jsonurl="https://petstore.swagger.io/v2/swagger.json"