42Crunch

aid: 42crunch
url: https://raw.githubusercontent.com/api-evangelist/42crunch/refs/heads/main/apis.yml
name: 42Crunch
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- API Security
- Platform
- Scanning
- Security
- OpenAPI
- DevSecOps
description: 42Crunch is a leading API security company that specializes in protecting and securing APIs. They provide innovative solutions that help organizations safeguard their sensitive data and critical assets from potential cyber threats. With their comprehensive API security platform, 42Crunch offers a range of services such as API scanning, traffic monitoring, and runtime protection to ensure that APIs are secure and compliant with industry standards. Their platform covers the full API security lifecycle from design and audit through dynamic testing and runtime firewall protection.
created: '2025-01-08'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
- aid: 42crunch:42crunch-api-security-audit
  name: 42Crunch API Security Audit
  tags:
  - API Security
  - Static Analysis
  - OpenAPI
  - Vulnerability Scanning
  humanURL: https://docs.42crunch.com/latest/content/concepts/api_contract_security_audit.htm
  properties:
  - url: https://docs.42crunch.com/latest/content/concepts/api_contract_security_audit.htm
    type: Documentation
  - url: https://docs.42crunch.com/latest/content/home.htm
    type: APIReference
  - url: graphql/42crunch-graphql.md
    type: GraphQL
  description: The 42Crunch API Security Audit performs automated static analysis of API definitions (OpenAPI 2, 3.0, 3.1 and GraphQL), running over 200 checks across format validation, data definition quality, and security analysis. APIs are scored 0-100 with recommendations to reach 70+ before runtime protection is applied. Integrates with CI/CD pipelines for continuous monitoring.
- aid: 42crunch:42crunch-api-scan
  name: 42Crunch API Scan
  tags:
  - API Security
  - Dynamic Testing
  - DAST
  - Contract Testing
  humanURL: https://docs.42crunch.com/latest/content/home.htm
  properties:
  - url: https://docs.42crunch.com/latest/content/home.htm
    type: Documentation
  description: 42Crunch API Scan performs dynamic API security testing (DAST) that evaluates runtime API behavior against its OpenAPI specification. It tests how well an API adheres to its contract and identifies vulnerabilities that only appear at runtime. Supports integration with CI/CD pipelines and Kubernetes via the scand-manager Kubernetes wrapper.
- aid: 42crunch:42crunch-api-protection
  name: 42Crunch API Protection
  tags:
  - API Security
  - Runtime Protection
  - Firewall
  - API Gateway
  humanURL: https://docs.42crunch.com/latest/content/home.htm
  properties:
  - url: https://docs.42crunch.com/latest/content/home.htm
    type: Documentation
  description: 42Crunch API Protection deploys an API-native micro firewall (API Firewall) that provides runtime defense against API attacks. The firewall is tailor-made for each API based on its OpenAPI specification and enforces API contract compliance in real time, blocking malformed requests and unauthorized access.
- aid: 42crunch:42crunch-scand-manager
  name: 42Crunch API Conformance Scan Jobs Manager
  tags:
  - API Security
  - Kubernetes
  - Conformance Scanning
  - DevSecOps
  humanURL: https://github.com/42Crunch/scand-manager
  properties:
  - url: https://github.com/42Crunch/scand-manager
    type: Documentation
  - url: openapi/42crunch-scand-manager.yaml
    type: OpenAPI
  - url: json-schema/scand-manager-job-name-schema.json
    type: JSONSchema
    title: Job Name Schema
  - url: json-schema/scand-manager-jobs-schema.json
    type: JSONSchema
    title: Jobs Schema
  - url: json-schema/scand-manager-job-spec-schema.json
    type: JSONSchema
    title: Job Spec Schema
  - url: json-schema/scand-manager-job-status-schema.json
    type: JSONSchema
    title: Job Status Schema
  - url: json-schema/scand-manager-error-schema.json
    type: JSONSchema
    title: Error Schema
  - url: json-structure/scand-manager-job-name-structure.json
    type: JSONStructure
    title: Job Name Structure
  - url: json-structure/scand-manager-jobs-structure.json
    type: JSONStructure
    title: Jobs Structure
  - url: json-structure/scand-manager-job-spec-structure.json
    type: JSONStructure
    title: Job Spec Structure
  - url: json-structure/scand-manager-job-status-structure.json
    type: JSONStructure
    title: Job Status Structure
  - url: json-structure/scand-manager-error-structure.json
    type: JSONStructure
    title: Error Structure
  - url: examples/scand-manager-job-name-example.json
    type: Example
    title: Job Name Example
  - url: examples/scand-manager-jobs-example.json
    type: Example
    title: Jobs Example
  - url: examples/scand-manager-job-spec-example.json
    type: Example
    title: Job Spec Example
  - url: examples/scand-manager-job-status-example.json
    type: Example
    title: Job Status Example
  - url: examples/scand-manager-error-example.json
    type: Example
    title: Error Example
  - type: NaftikoCapability
    url: capabilities/scand-manager-health.yaml
  - type: NaftikoCapability
    url: capabilities/scand-manager-jobs.yaml
  - type: NaftikoCapability
    url: capabilities/scand-manager-logs.yaml
  description: The 42Crunch Scand Manager provides a convenient way to run 42Crunch API Conformance Scans on-premises as Kubernetes Jobs. It manages the full lifecycle of scan jobs including creation, status monitoring, log retrieval, and deletion.
common:
- type: LinkedIn
  url: https://www.linkedin.com/company/42crunch
- type: Website
  url: https://42crunch.com/
- type: Documentation
  url: https://docs.42crunch.com/latest/content/home.htm
- type: Blog
  url: https://42crunch.com/blog/
- type: Support
  url: https://support.42crunch.com/hc/en-us
- type: Pricing
  url: https://42crunch.com/pricing/
- type: Tutorials
  url: https://42crunch.com/tutorials/
- type: Webinars
  url: https://42crunch.com/webinars/
- type: Partners
  url: https://42crunch.com/partners/
- type: Login
  url: https://platform.42crunch.com/login
- type: GitHubOrganization
  url: https://github.com/42Crunch
- type: IDESupport
  url: https://marketplace.visualstudio.com/items?itemName=42Crunch.vscode-openapi
- type: IDESupport
  url: https://plugins.jetbrains.com/plugin/14837-openapi-swagger-editor
- type: GitHubRepository
  url: https://github.com/42Crunch/vscode-openapi
- type: GitHubRepository
  url: https://github.com/42Crunch/api-security-audit-action
- type: GitHubRepository
  url: https://github.com/42Crunch/api-security-audit-action-freemium
- type: GitHubRepository
  url: https://github.com/42Crunch/api-security-scan-action-freemium
- type: GitHubRepository
  url: https://github.com/42Crunch/cicd-github-actions
- type: GitHubRepository
  url: https://github.com/42Crunch/scand-manager
- type: GitHubRepository
  url: https://github.com/42Crunch/resources
- type: SpectralRules
  url: rules/42crunch-spectral-rules.yml
- type: Vocabulary
  url: vocabulary/42crunch-vocabulary.yaml
- type: JSONLD
  url: json-ld/42crunch-scand-manager-context.jsonld
- type: Features
  data:
  - name: API Security Audit
    description: Automated static analysis of OpenAPI and GraphQL definitions running over 200 security checks, scoring APIs 0-100 for vulnerability and compliance issues.
  - name: API Scan (DAST)
    description: Dynamic API Security Testing that evaluates runtime API behavior against its OpenAPI contract, identifying vulnerabilities that appear only at runtime.
  - name: API Firewall
    description: API-native micro firewall that enforces OpenAPI contract compliance at runtime, blocking malformed requests, unauthorized access, and API attacks.
  - name: API Discovery
    description: Identifies and catalogs APIs across environments to provide full visibility into the API attack surface.
  - name: CI/CD Integration
    description: GitHub Actions and other CI/CD pipeline integrations for automated security scanning in deployment workflows.
  - name: IDE Integration
    description: Plugins for VS Code and IntelliJ/JetBrains IDEs that provide real-time OpenAPI editing, validation, and security feedback during API design.
  - name: OpenAPI Contract Security
    description: Enforces security best practices in OpenAPI specifications covering authentication, data validation, input/output schemas, and transport security.
  - name: Kubernetes Support
    description: Scand Manager provides a Kubernetes wrapper for running 42Crunch API Scan in containerized environments.
- type: UseCases
  data:
  - name: API Security Testing in CI/CD
    description: Embed automated API security scanning into CI/CD pipelines via GitHub Actions to catch vulnerabilities before they reach production.
  - name: OpenAPI Specification Review
    description: Audit OpenAPI definitions for security flaws, missing authentication, weak data validation, and schema gaps before API deployment.
  - name: Runtime API Protection
    description: Deploy the API Firewall in front of production APIs to enforce contract compliance and block attacks in real time.
  - name: DevSecOps API Governance
    description: Provide development, security, and operations teams with shared visibility into API security posture throughout the API lifecycle.
  - name: OWASP API Top 10 Compliance
    description: Systematically identify and remediate OWASP API Security Top 10 vulnerabilities in API definitions and runtime behavior.
  - name: API Security for Financial Services
    description: Address regulatory and compliance requirements for API security in banking, financial services, and insurance sectors.
  - name: Healthcare API Security
    description: Secure healthcare APIs handling sensitive patient data against unauthorized access and data exposure vulnerabilities.
- type: Integrations
  data:
  - name: GitHub Actions
    description: Native GitHub Actions for API Security Audit and API Scan, enabling automated security checks in GitHub CI/CD workflows.
  - name: VS Code
    description: OpenAPI extension for Visual Studio Code providing real-time API editing, validation, and security feedback with 42Crunch integration.
  - name: IntelliJ / JetBrains
    description: OpenAPI/Swagger Editor plugin for IntelliJ IDEA and other JetBrains IDEs.
  - name: Kubernetes
    description: Scand Manager provides Kubernetes-native deployment of API Scan for containerized API security testing.
  - name: Tekton
    description: Tekton Pipelines catalog integration for CI/CD security scanning tasks.
  - name: SonarQube
    description: SonarQube plugin that integrates 42Crunch API security audit results into code quality dashboards.
  - name: API Gateways
    description: API Firewall integrates with API gateway infrastructure to enforce contract compliance at the network edge.
  - name: SIEM / SOC Systems
    description: Runtime protection events can be forwarded to SIEM and SOC platforms for centralized threat monitoring and alerting.
  - name: Atlassian
    description: Data Center App Performance Toolkit support for Atlassian platform integration.
- type: Integrations
  url: https://42crunch.com/partners/
integrations:
- name: LogoCr1
- name: De flags
- name: 42C-Crest25-25
- name: 42Crunch-API-Securityio-Logo-Color-28-300x94
- name: ISO-27001(3)
- name: Gradient-Line-1-05-e1645537716386
maintainers:
- FN: Kin Lane
  email: [email protected]