Migrating from 42Crunch to Noname Security
What middleBrick covers
- Black-box scanning with no agents or code access
- Risk scoring A–F with prioritized findings
- 12 OWASP API Top 10 (2023) detection categories
- OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
- Authenticated scanning for Bearer, API key, Basic, Cookie
- CI/CD integration via GitHub Action and MCP Server
Purpose and scope of migration
This guide outlines how to move from an existing API security scanner to the middleBrick self-service platform. It focuses on data export, rebuilding scan history, and preserving CI integrations while noting functional differences. The goal is to reduce downtime and maintain visibility into your API risk posture during the transition.
Exporting existing scan data
Begin by exporting findings and configurations from your current platform. Most tools provide a dashboard export or an API endpoint that returns JSON or CSV. Map the following fields to middleBrick concepts:
- Risk score or severity → mapped to the A–F score and prioritized findings
- Finding title and description → used for manual review and ticket creation
- CWE/OWASP reference → aligns findings to OWASP API Top 10 (2023)
- Timestamp and status → to rebuild scan timeline and track resolution
Include scan metadata such as target URLs, authentication details, and schedule intervals. If your tool offers a webhook history, export those events to cross-check with new alert traffic after migration.
Rebuilding scan history and CI wiring
Recreate your scanning cadence in middleBrick using the dashboard or API. For each API in scope, submit the base URL and configure authentication as supported (Bearer, API key, Basic auth, or Cookie). Use the CLI for one-off checks and the web dashboard for ongoing tracking.
To preserve trend lines, import your exported findings as historical anchors and then run fresh scans. Compare new results against the baseline to measure delta. In CI/CD, mirror previous gate behavior by failing the build when the score drops below your chosen threshold via the GitHub Action or MCP Server integrations.
middlebrick scan https://api.example.com --output json
Schedule recurring rescans (6 hours, daily, weekly, or monthly) to approximate your prior coverage. Rely on diff detection to surface new findings and resolved items, and configure email alerts limited to 1 per hour per API to avoid noise.
Known gaps and adjusted expectations
Not all previous capabilities map one-to-one. middleBrick is a black-box scanner that does not require agents or code access; it focuses on read-only detection and does not perform intrusive exploits like active SQL injection or command injection. Business logic vulnerabilities and blind SSRF are out of scope and require human analysis.
If your earlier workflow relied on authenticated scans with custom header allowlists, replicate those settings in the dashboard under authenticated scanning options. Note that scan data is deletable on demand and purged within 30 days of cancellation, and it is never used for model training.
Mapping to compliance and reporting
middleBrick maps findings directly to three frameworks: PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). Use this mapping to support audit evidence and to validate controls during reviews. For other regulations, the platform helps you prepare by aligning with the security controls described in the relevant standards, but it does not certify compliance.
Generate branded compliance PDFs from the dashboard, and use webhook signatures (HMAC-SHA256) to integrate findings into external governance tools. If you previously generated compliance reports, replicate the same fields using these capabilities, keeping in mind that the tool's role is that of a scanner rather than an auditor.
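As an added example (not middleBrick's own code), the receiving side of the two integration points above: a handler that verifies the HMAC-SHA256 webhook signature before trusting the payload, then applies the same kind of A–F threshold gate used in CI. The signature encoding (hex over the raw body), the secret, and the payload field names (`score`) are assumptions for illustration; check them against your account's webhook settings.

```python
import hashlib
import hmac
import json

# Grade ordering used by the gate: A is best, F is worst.
GRADE_ORDER = "ABCDEF"


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Hex-encoded HMAC-SHA256 over the raw request body (assumed encoding)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, presented: str) -> bool:
    """Constant-time comparison so the check does not leak timing information."""
    expected = compute_signature(secret, raw_body)
    return hmac.compare_digest(expected, presented.strip().lower())


def grade_meets_threshold(grade: str, threshold: str) -> bool:
    """True when the grade is at or above the chosen threshold (A is best)."""
    grade, threshold = grade.upper(), threshold.upper()
    if grade not in GRADE_ORDER or threshold not in GRADE_ORDER:
        raise ValueError(f"unknown grade {grade!r} or threshold {threshold!r}")
    return GRADE_ORDER.index(grade) <= GRADE_ORDER.index(threshold)


def handle_webhook(secret: bytes, raw_body: bytes, presented_sig: str, threshold: str = "B") -> dict:
    """Authenticate the body first, then gate on the score.
    The 'score' field name is an assumption, not a documented schema."""
    if not verify_signature(secret, raw_body, presented_sig):
        return {"accepted": False, "gate_passed": False, "reason": "signature mismatch"}
    event = json.loads(raw_body)  # parse only after the body is authenticated
    score = event.get("score", "F")  # a missing score fails closed
    return {"accepted": True, "gate_passed": grade_meets_threshold(score, threshold), "reason": None}


# Constructed sample: a webhook body and secret as they might arrive in a CI job.
SAMPLE_SECRET = b"replace-with-webhook-secret"
SAMPLE_BODY = json.dumps({"api": "https://api.example.com", "score": "C", "new_findings": 2}).encode()
SAMPLE_SIG = compute_signature(SAMPLE_SECRET, SAMPLE_BODY)

if __name__ == "__main__":
    print(handle_webhook(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_SIG, threshold="B"))
    # A body edited in transit no longer matches the signature and is rejected.
    tampered = SAMPLE_BODY.replace(b'"C"', b'"A"')
    print(handle_webhook(SAMPLE_SECRET, tampered, SAMPLE_SIG))
```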