Migrating from 42Crunch to Checkmarx

What middleBrick covers

  • Submit URL and receive a risk score with prioritized findings
  • Black-box scanning without agents or SDK integration
  • Supports OpenAPI 3.0, 3.1, and Swagger 2.0 with ref resolution
  • Read-only detection using GET, HEAD, and text-only POST
  • Covers OWASP API Top 10, PCI-DSS 4.0, and SOC 2 Type II mapping
  • CLI, web dashboard, GitHub Action, and MCP server integration

Purpose and scope of this migration guide

This guide covers moving workflows and configurations when transitioning from a self-hosted, rules-driven scanner to a self-service API security scanner. It addresses data export, rebuilding scan history, and preserving CI wiring, and calls out the operational gaps you will have to fill yourself. The tool scans a submitted URL and returns a risk score with prioritized findings, using only read-only requests (GET, HEAD, and text-only POST) and completing in under a minute.

Data export and historical scan reconstruction

Export findings and configuration from your current platform in a structured format such as JSON or CSV. Map fields like severity, endpoint path, parameter name, and CVE identifiers to the new tool’s schema; expect path templates and severity labels to differ between tools, so normalize them before comparing. Historical scan data cannot be imported: the system neither ingests raw scan artifacts nor keeps an internal archive of prior scans. The closest substitute is to correlate the exported records by timestamp and API identifier, then use the CLI to re-run targeted scans against the migrated endpoints and build a comparable evidence set from the fresh results.
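The mapping step above, as an added example (this is not middleBrick's code and not a documented schema): a legacy CSV export is normalized onto a common finding key of method, canonical path and parameter, and correlated with a fresh middleBrick-style JSON run so that confirmed, unconfirmed and new-only findings are separated. The CSV column names, the JSON field names and the sample records are constructed for illustration; confirm the real field names against the CLI's output before relying on them.

```python
import csv
import io
import json
import re

SEVERITY_ORDER = ("info", "low", "medium", "high", "critical")

# Constructed legacy export; column names are hypothetical.
LEGACY_CSV = """severity,method,path,parameter,rule_id,cve,detected_at
High,GET,/v1/users/{id},id,auth-missing,,2024-03-02T10:15:00Z
Medium,POST,/v1/login,password,weak-rate-limit,,2024-03-02T10:15:00Z
Low,GET,/v1/health/,,missing-headers,,2024-03-02T10:15:00Z
"""

# Constructed middleBrick-style JSON; field names are assumptions, not the
# documented schema. Note the different path template style (:id vs {id}).
NEW_SCAN_JSON = """{"scanned_at": "2024-09-10T08:00:00Z", "score": 72, "findings": [
  {"id": "F-001", "severity": "high", "method": "GET", "path": "/v1/users/:id", "parameter": "id"},
  {"id": "F-002", "severity": "low", "method": "GET", "path": "/v1/health", "parameter": null}
]}"""

_PARAM = re.compile(r"\{[^/}]+\}|:[A-Za-z_][A-Za-z0-9_]*")


def canonical_path(path):
    """Collapse both template styles ({id}, :id) to {} and drop a trailing
    slash so the same endpoint correlates across tools."""
    path = _PARAM.sub("{}", path.strip())
    return path.rstrip("/") or "/"


def normalize_severity(value):
    value = (value or "info").strip().lower()
    return value if value in SEVERITY_ORDER else "info"


def finding_key(method, path, parameter):
    return (method.strip().upper(), canonical_path(path), (parameter or "").strip())


def parse_legacy(csv_text):
    out = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = finding_key(row["method"], row["path"], row["parameter"])
        out[key] = {"severity": normalize_severity(row["severity"]), "rule": row["rule_id"],
                    "cve": row["cve"] or None, "observed_at": row["detected_at"]}
    return out


def parse_middlebrick(json_text):
    doc = json.loads(json_text)
    out = {}
    for f in doc["findings"]:
        key = finding_key(f["method"], f["path"], f.get("parameter"))
        out[key] = {"severity": normalize_severity(f["severity"]), "rule": f["id"],
                    "cve": None, "observed_at": doc["scanned_at"]}
    return out


def correlate(legacy, current):
    """Split finding keys into confirmed (seen by both tools), unconfirmed
    (legacy only, needs manual evidence) and new_only (current tool only)."""
    confirmed, unconfirmed, new_only = [], [], []
    for key in sorted(set(legacy) | set(current)):
        if key in legacy and key in current:
            confirmed.append({"key": key,
                              "legacy_severity": legacy[key]["severity"],
                              "current_severity": current[key]["severity"],
                              "severity_changed": legacy[key]["severity"] != current[key]["severity"]})
        elif key in legacy:
            unconfirmed.append({"key": key, **legacy[key]})
        else:
            new_only.append({"key": key, **current[key]})
    return {"confirmed": confirmed, "unconfirmed": unconfirmed, "new_only": new_only}


def build_evidence(csv_text=LEGACY_CSV, json_text=NEW_SCAN_JSON):
    return correlate(parse_legacy(csv_text), parse_middlebrick(json_text))


if __name__ == "__main__":
    print(json.dumps(build_evidence(), indent=2))
```

In the constructed data the rate-limit finding on POST /v1/login lands in the unconfirmed list: the legacy tool found it by active testing, while a read-only scan has no way to reproduce it, so that entry has to be carried forward as external evidence rather than as a scanner result.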

Preserving CI/CD wiring and automation

Update pipeline definitions to call the new scanner via its CLI or API. The CLI command follows the pattern middlebrick scan <url>, with JSON or text output suitable for scripting. In CI, parse the JSON output and fail the build when the score falls below a threshold or when specific findings appear. If you previously used policy gates tied to scan metadata, reimplement them using the new platform’s threshold rules and score labels. Webhooks can notify collaboration tools; delivery is confirmed only by the HTTP status code, so treat anything other than a 2xx response as a failed notification and retry or alert on it.

Known gaps and operational differences

The platform does not store historical scan records or provide diffing across time; you must manage trend tracking externally by persisting each run’s results yourself. It does not perform intrusive exploit testing, such as active SQL injection or command injection, and it does not detect business-logic flaws or blind SSRF, so findings from those classes in your previous tool will not reappear. The tool maps findings to OWASP API Top 10, PCI-DSS 4.0, and SOC 2 Type II, but the mapping is not a compliance certification, and it does not claim coverage of other regulations. Authentication is supported via Bearer tokens, API keys, Basic auth, and cookies; domain verification is required to prove ownership before credentialed scans run, and the credentials you supply should belong to a dedicated, least-privilege test account rather than a production user.
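The CI gate described under "Preserving CI/CD wiring and automation" and the external trend tracking this section asks for fit in one script, shown here as an added example (not middleBrick's code): it diffs the current run against the last run stored in a local JSON-lines file, appends the new run, and then applies a score threshold, a severity ceiling and an optional finding blocklist. The JSON field names ("score", "findings", "id", "severity", "path", "target"), the sample report, the history file name and the assumption that middlebrick scan can be made to write JSON to a file are all hypothetical; the page gives the command pattern but not the exact flag, so check the CLI's help before wiring this in.

```python
import json
import os
import sys
import tempfile
import urllib.request
from datetime import datetime, timezone

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample of what `middlebrick scan <url>` is assumed to emit as
# JSON. Field names are assumptions, not the documented schema.
SAMPLE_REPORT = {
    "target": "https://api.example.com",
    "score": 72,
    "findings": [
        {"id": "F-001", "severity": "high", "path": "/v1/users/{id}",
         "title": "Endpoint reachable without credentials"},
        {"id": "F-002", "severity": "low", "path": "/v1/health",
         "title": "Security headers missing"},
    ],
}


def evaluate_gate(report, min_score=80, max_severity="medium", blocked_ids=()):
    """Return (passed, reasons). The build fails on a score below min_score,
    on any finding ranked above max_severity, or on a blocklisted finding id."""
    reasons = []
    score = report.get("score")
    if score is None or score < min_score:
        reasons.append(f"score {score} below threshold {min_score}")
    ceiling = SEVERITY_RANK[max_severity]
    for f in report.get("findings", []):
        rank = SEVERITY_RANK.get(str(f.get("severity", "info")).lower(), 0)
        if rank > ceiling:
            reasons.append(f"{f['id']} is {f['severity']} (limit {max_severity})")
        if f["id"] in blocked_ids:
            reasons.append(f"{f['id']} is on the blocklist")
    return not reasons, reasons


def finding_keys(report):
    return {(f["id"], f["path"]) for f in (report or {}).get("findings", [])}


def diff_reports(previous, current):
    """(new, resolved) finding keys. middleBrick keeps no history, so the
    caller must supply the previous run from its own store."""
    prev, cur = finding_keys(previous), finding_keys(current)
    return sorted(cur - prev), sorted(prev - cur)


def append_history(path, report):
    """Persist one run as a JSON line: timestamp, target, score, finding keys."""
    record = {"ts": datetime.now(timezone.utc).isoformat(), "target": report.get("target"),
              "score": report.get("score"), "findings": sorted(finding_keys(report))}
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(record) + "\n")
    return record


def load_last(path):
    """Rebuild the minimal report shape diff_reports needs from the last stored line."""
    if not os.path.exists(path):
        return None
    with open(path, encoding="utf-8") as fh:
        lines = [line for line in fh.read().splitlines() if line.strip()]
    if not lines:
        return None
    rec = json.loads(lines[-1])
    return {"findings": [{"id": i, "path": p} for i, p in rec["findings"]]}


def post_webhook(url, payload, timeout=10):
    """Deliver a JSON payload; only a 2xx status counts as delivered."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return 200 <= resp.status < 300


def run_pipeline(report, history_path, min_score=80, max_severity="medium"):
    """One CI step: diff against the stored run, record this run, apply the gate."""
    new, resolved = diff_reports(load_last(history_path), report)
    append_history(history_path, report)
    passed, reasons = evaluate_gate(report, min_score, max_severity)
    return {"passed": passed, "reasons": reasons, "new": new, "resolved": resolved}


def demo():
    """Two consecutive runs in a scratch directory so the example is self-contained."""
    previous = {"target": SAMPLE_REPORT["target"], "score": 65,
                "findings": [{"id": "F-001", "severity": "high", "path": "/v1/users/{id}"},
                             {"id": "F-009", "severity": "medium", "path": "/v1/login"}]}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "middlebrick-history.jsonl")
        first = run_pipeline(previous, path)
        second = run_pipeline(SAMPLE_REPORT, path)
    return first, second


if __name__ == "__main__":
    # Usage: python gate.py report.json   (report.json = saved middlebrick JSON output)
    report = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_REPORT
    result = run_pipeline(report, os.environ.get("MB_HISTORY", "middlebrick-history.jsonl"))
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)
```

The history file is the trend store the platform lacks: commit it to an artifact bucket or a branch in CI so every run can see the previous one. post_webhook is deliberately strict about status codes because a 3xx or 4xx from a chat integration usually means the message was silently dropped.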

Migration checklist and ongoing operations

Inventory all scanned APIs and their authentication schemes. Export configurations and evidence artifacts, then re-scan the same endpoints with the new tool and compare the results against the exported baseline. Reconfigure monitoring and alerting to match the new output format and rate limits. For continuous monitoring, use scheduled rescans and configure email or webhook notifications. The platform supports integrations through an API client, an MCP server for AI coding assistants, and a GitHub Action for CI/CD gating.

Frequently Asked Questions

Can I import raw scan results from the previous platform?
No, the tool does not ingest external scan artifacts. You must re-run scans against the same endpoints to rebuild evidence.
How do I preserve trend data and historical scores?
Persist scan outputs externally and use them to build your own trend analysis. The platform does not store or diff past scans.
Will my existing CI pipelines work without changes?
No. Update pipeline commands to use the new CLI or API, and rewrite gate logic to match the new score and finding format.
Does the tool map findings to compliance frameworks?
Yes, findings map to OWASP API Top 10, PCI-DSS 4.0, and SOC 2 Type II. For other frameworks, the mapped findings can be used to prepare audit evidence, but the tool does not claim compliance with them.
What authentication methods are supported for authenticated scans?
Bearer tokens, API keys, Basic auth, and cookies are supported, with domain verification required for credentialed scans.