API Scanning
API Scanning is a process of testing your API endpoints to find any potential vulnerabilities.
CloudDefense API scans are performed on a runtime application using our fully packaged Docker image without any additional software installation. Please make sure you have the following prerequisites before running the scans.

Prerequisites

    Install CLI
    Install Docker if not already present
      Version: 18.x or greater
Your source code or application doesn't leave your environment. CloudDefense doesn't store it or have any kind of access to it.

Command

Run the following command from your console, replacing the placeholder values.
cdefense apiscan --api-key=<YOUR_API_KEY> \
--url="<REST_ENDPOINT_URL>" --project-name="<PROJECT_NAME>" \
--openapi-jsonurl="<OPEN_API_JSON_FILE_URL>"

Parameters

The following parameters can be passed on the command line when running a scan.
| Option | Required | Description |
| --- | --- | --- |
| --api-key | Yes | API key |
| --project-name | Yes | Name of the project |
| --url | Yes | REST endpoint URL (example: https://petstore.swagger.io) |
| --openapi-jsonurl | Yes | OpenAPI JSON URL (example: https://petstore.swagger.io/v2/swagger.json) |

Sample

cdefense apiscan --api-key=<YOUR_API_KEY> --url="https://petstore.swagger.io/" --project-name=pdproject --openapi-jsonurl="https://petstore.swagger.io/v2/swagger.json"
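A preflight wrapper for the command above, as an added example that is not CloudDefense's own code: it checks the Docker 18.x prerequisite and rejects unreplaced placeholders before invoking the scan. The function names and the CDEFENSE_API_KEY environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks before running `cdefense apiscan`.
# CDEFENSE_API_KEY is an assumed variable name, not a documented one. Reading
# the key from the environment keeps it out of shell history and CI files;
# it is still handed to the CLI through --api-key, the option the page shows.

# Succeed if a Docker version string such as "20.10.7" is 18.x or greater.
docker_version_ok() {
  _major=${1%%.*}
  case "$_major" in
    ''|*[!0-9]*) return 1 ;;  # empty or non-numeric: Docker missing or not running
  esac
  [ "$_major" -ge 18 ]
}

# Succeed if the value is an http(s) URL with no unreplaced <PLACEHOLDER>.
url_ok() {
  case "$1" in
    *'<'*|*'>'*) return 1 ;;
    http://?*|https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Validate the three required values: --url, --project-name, --openapi-jsonurl.
check_inputs() {
  url_ok "$1" || { echo "invalid --url: $1" >&2; return 2; }
  case "$2" in
    ''|*'<'*|*'>'*) echo "invalid --project-name: $2" >&2; return 2 ;;
  esac
  url_ok "$3" || { echo "invalid --openapi-jsonurl: $3" >&2; return 2; }
}

run_apiscan() {
  [ -n "${CDEFENSE_API_KEY:-}" ] || { echo "CDEFENSE_API_KEY is not set" >&2; return 3; }
  command -v cdefense >/dev/null 2>&1 || { echo "cdefense CLI not found" >&2; return 3; }
  _ver=$(docker version --format '{{.Server.Version}}' 2>/dev/null) || _ver=
  docker_version_ok "$_ver" || { echo "Docker 18.x or greater required (found '$_ver')" >&2; return 3; }
  check_inputs "$1" "$2" "$3" || return $?
  cdefense apiscan --api-key="$CDEFENSE_API_KEY" \
    --url="$1" --project-name="$2" --openapi-jsonurl="$3"
}

# Usage: ./apiscan.sh <url> <project-name> <openapi-json-url>
if [ "$#" -eq 3 ]; then run_apiscan "$@"; fi
```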
Last modified 1mo ago