The plugin is powered by 42Crunch API Contract Security Audit. Security Audit performs a static analysis of the API definition that includes more than 200 checks on best practices and potential vulnerabilities on how the API defines authentication, authorization, transport, and data coming in and going out. For more details on the checks, see API Security Encyclopedia.
API contracts must follow the OpenAPI Specification (OAS) (formely Swagger). Both OAS v2 and v3, and both JSON and YAML formats are supported.
You can create a free 42Crunch account at https://platform.42crunch.com/register, and then configure the plugin as described below.
-
Download the latest version of the plugin from this repository.
-
Put the JAR file into SonarQube's \extensions\plugins folder.
-
Follow the configuration instructions from our documentation
If you run into an issue, or have a question not answered here, you can create a support ticket at support.42crunch.com, or ask your questions on the Q&A tab here.
This plugin is maintained by support@42crunch.com.
If you’re reporting an issue, please include:
- the version of the plugin
- relevant logs, error messages, and screenshots
- steps to reproduce the issue