42crunch-api-security-testing Plugin
Plugin Claude Code Security Security, Auth & ComplianceCode Quality, Review & TestingWeb & App DevelopmentThe explanation below is AI-generated. Please verify it against the sources.
42crunch-api-security-testing is a Claude Code plugin that brings 42Crunch's API security testing into AI-assisted development workflows. According to the README, it audits OpenAPI Specification files, detects vulnerabilities aligned with OWASP API Security risks (including BOLA/BFLA), and applies AI-powered fixes through an audit->scan->remediate->validate loop. Using it requires a 42Crunch account (a free trial, a token-based plan, or a Platform account) and the plugin automatically downloads and updates a 42c-ast binary on first use. It exposes five commands covering setup, static audit, live conformance/authorization scanning, a combined audit+scan pipeline, and OpenAPI spec generation from source code or Postman/Insomnia collections.
Overview
According to the homepage, 42Crunch is an API and AI security platform that helps organizations discover, test, secure, and continuously monitor APIs across development and runtime environments, offering automated API security testing, OpenAPI security auditing, runtime protection, and AI API security controls.
What you can do with 42crunch-api-security-testing
- Install the 42c-ast binary and configure credentials one time with /42crunch-setup
- Run a static security audit of an OpenAPI Specification with /42crunch-audit, producing a 0–100 score and findings tiered as SQG-Blocking, Security, Data Validation, or Spec Conformance
- Run a live conformance and authorization scan (BOLA/BFLA) against a running API with /42crunch-scan
- Run the full audit + scan pipeline in a single session with /42crunch-api-security-testing
- Generate an openapi.json from an API codebase, a Postman/Insomnia collection, or both with /generate-oas
Sources
Original description (English)
Automate API security directly in Claude Code with 42Crunch - automatically audit OpenAPI specs, detect vulnerabilities aligned with OWASP API Security risks (including BOLA/BFLA), and apply AI-powered fixes. Designed for AI-assisted development workflows, it provides continuous guardrails through an audit->scan->remediate->validate loop, ensuring APIs meet enterprise security standards before deployment.
History of 42crunch-api-security-testing
- Plugin Updated Repository of 42crunch-api-security-testing (https://github.com/42Crunch-AI/claude-plugins/tree/baec6e6a03f07d09719eebd15aa12a46d2070aba/plugins/api-security-testing → https://github.com/42Crunch-AI/claude-plugins/tree/30287f5e3f122a646d1ac5ca3ab96e130c52a3ad/plugins/api-security-testing)
- Plugin Added 42crunch-api-security-testing