42crunch/scand-agent

By 42crunch

Updated 23 days ago

42Crunch scand agent official image

API Management
Security

API Contract Conformance Scan on premises

API Contract Conformance Scan lets you perform dynamic application security testing (DAST) on your OpenAPI definitions. The scan tests that your API implementation matches the contract your API sets out in its OpenAPI definition.

The Docker image scand-agent lets you deploy and run Conformance Scan on premises rather than in the 42Crunch cloud platform. This way you can, for example, integrate the scan as a task that your CI/CD pipeline runs on every push to your repository to automate the testing.

Note: This feature is currently available as a private beta, and its development is still ongoing. The scan generates real traffic to the selected API endpoint and could incur costs depending on your setup. The API must be deployed so that the API endpoint is live, and the backend server your API uses must be accessible to Conformance Scan. Otherwise the API cannot be scanned.

API contracts must follow the OpenAPI Specification (OAS) (formerly Swagger). Both OAS v2 and v3, and both JSON and YAML formats are supported.

For best results, make sure that your OpenAPI definition is valid and well-formatted before you scan it.

This feature is currently only available to 42Crunch paying customers.

Quick start

  1. In 42Crunch Platform, go to the API that you want to scan.
  2. On the On-Premises Scan tab, create a scan configuration. This also creates a scan token that identifies your configuration.
  3. Click the settings icon, and view and copy the value of the scan token.
  4. Use the following commands to pull the scand-agent Docker image and run it with the correct scan configuration. Replace the placeholder for SCAN_TOKEN with the token value you copied:

     docker pull 42crunch/scand-agent:latest
     docker run -e SCAN_TOKEN=<replace with your token value> 42crunch/scand-agent:latest

You only need to pull the image when you first run an on-premises scan, or if you want to update the scan image version. If you want to change the scan configuration, delete the current configuration and create a new one, then update the token value in your Docker script to match.
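The following wrapper script is an added example of running the quick-start steps from a CI job; it is not part of the official image or of 42Crunch's documentation. It assumes the CI system exposes the scan token as a masked secret in the SCAN_TOKEN environment variable, and that the optional variables SCAN_IMAGE and SCAN_PULL (both names chosen here) may override the image tag and force a pull. The token is handed to docker with `-e SCAN_TOKEN` and no value, so docker copies it from the job's environment and it never appears in the command line, the shell history or the CI log; the script also refuses to start, and therefore generates no traffic against the API, when the token is missing.

```shell
#!/bin/sh
# run_scan.sh - CI wrapper for the 42crunch/scand-agent image.
# Added example, not the official image's own tooling. Assumes:
#   SCAN_TOKEN  scan token exported by the CI secret store (required)
#   SCAN_IMAGE  image tag to run (optional, hypothetical name)
#   SCAN_PULL=1 force a pull to pick up a newer agent (optional, hypothetical name)
set -eu

IMAGE_DEFAULT="42crunch/scand-agent:latest"

# Fail early if the token is missing, before any traffic reaches the API.
# Only the variable name is printed, never its value.
require_token() {
    if [ -z "${SCAN_TOKEN:-}" ]; then
        echo "SCAN_TOKEN is not set: create a scan configuration on the" \
             "On-Premises Scan tab and export its token as a CI secret" >&2
        return 1
    fi
    export SCAN_TOKEN   # make it visible to the docker client
    return 0
}

# Build the docker command. '-e SCAN_TOKEN' without '=value' tells docker to
# copy the variable from its own environment, so the secret is not part of
# the command line and does not show up in 'ps' output or job logs.
build_scan_cmd() {
    printf 'docker run --rm -e SCAN_TOKEN %s\n' "${SCAN_IMAGE:-$IMAGE_DEFAULT}"
}

# Pull only when the image is absent locally or SCAN_PULL=1, following the
# "pull once, then reuse until you want a newer version" advice above.
ensure_image() {
    image="${SCAN_IMAGE:-$IMAGE_DEFAULT}"
    if [ "${SCAN_PULL:-0}" = 1 ] || ! docker image inspect "$image" >/dev/null 2>&1; then
        docker pull "$image"
    fi
}

main() {
    require_token
    ensure_image
    # Because of 'set -e', a non-zero exit from the agent fails the CI job.
    eval "$(build_scan_cmd)"
}

# Launch only when invoked as './run_scan.sh run'; otherwise just define the
# functions (lets the script be sourced or checked without running docker).
case "${1:-}" in
    run) main ;;
esac
```

Invoke it as `./run_scan.sh run` from the pipeline step that should scan the API. Pinning SCAN_IMAGE to a specific tag instead of latest makes runs reproducible, at the cost of having to set SCAN_PULL=1 (or change the tag) when you want to move to a newer agent.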

When the on-premises scan runs, it creates and uploads a scan report and logs from the scan to 42Crunch Platform. You can view the latest scan report and when the on-premises scan was last run on the On-Premises Scan tab of the API.

Support

If you run into an issue, or have a question not answered here, you can create a support ticket at support.42crunch.com.

Docker Pull Command

docker pull 42crunch/scand-agent