Migrating from 42Crunch to Veracode

What middleBrick covers

  • Black-box scanning with no agents or SDK integration
  • Risk score A–F with prioritized findings
  • Supports GET, HEAD, and text-only POST methods
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Authenticated scans with header allowlist and domain verification
  • Scheduled rescans and diff detection for score trends

Purpose and scope of migration

This guide outlines how to move API security scanning workflows from 42Crunch to middleBrick. It focuses on data export, rebuilding scan history, and preserving CI wiring, without implying a feature equivalence. middleBrick is a scanner that reports findings and risk scores; it is not an auditor and cannot recreate historical test artifacts from 42Crunch.

Data export and import considerations

42Crunch stores configuration and scan metadata in its platform. Extract what you can before switching, such as exported scan definitions, policy rules, and job schedules. middleBrick accepts a submitted URL and read-only methods (GET, HEAD, text-only POST) to perform black-box scans. You will lose the original 42Crunch UI layouts and raw evidence; plan to rebuild documentation from exported artifacts and from new middleBrick reports.

  • Export scan policies and security rules from the 42Crunch admin console.
  • Record target URLs, authentication schemes, and header configurations used in 42Crunch jobs.
  • Recreate equivalent scans in middleBrick using the CLI or dashboard, supplying the same endpoints and auth context.

There is no automated migration tool; treat this as a manual rebuild using the exported data as a reference.

Rebuilding scan history and tracking trends

Scan history is not transferred between systems. In middleBrick, you establish a new baseline by running scans on the same targets and with the same authentication context. Use the dashboard to track score trends over time and compare findings across new scans. For each API, record the initial risk score and key findings so that future runs provide comparable deltas. middleBrick supports scheduled rescans and diff detection to highlight new findings and resolved findings across scans.

  • Run an initial full scan for each API in the same environment used by 42Crunch.
  • Save the resulting score and finding list as a reference point.
  • Schedule regular rescans to measure security posture change.

Preserving CI wiring and automation

If 42Crunch was integrated into CI pipelines, replace those calls with middleBrick equivalents. The middleBrick CLI provides a direct substitute for scan execution, returning JSON or text output that can be parsed in scripts. The GitHub Action can gate builds based on a score threshold, and the MCP Server allows AI coding assistants to trigger scans. Ensure that CI secrets (auth tokens, headers) are reconfigured in your new workflows, respecting the header allowlist enforced by middleBrick.

middlebrick scan https://api.example.com --auth-type bearer --auth-token "$API_TOKEN"

For CI/CD gates, configure the action to fail when the score drops below your defined level. middleBrick emits signed webhooks for automated downstream systems; these differ from 42Crunch integrations and must be reimplemented.
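The baseline-and-rescan workflow described under "Rebuilding scan history" and the score-threshold gate described here can be wired together in a short CI step. The script below is an added example, not middleBrick's own tooling: it assumes the CLI's JSON output carries a top-level "score" letter (A-F) and a "findings" list with "method", "path" and "title" fields (field names are an assumption; adjust to the real schema), and it uses two constructed sample reports in place of real CLI runs.

```python
"""CI gate for middleBrick scan output: compare a rescan against a saved baseline.

Assumed (not documented on this page): the CLI's JSON report has a top-level
"score" letter (A-F) and a "findings" list whose entries carry "method",
"path" and "title". Rename the fields to match the actual schema.
"""
import json
import sys

GRADE_RANK = {g: i for i, g in enumerate("FEDCBA")}  # F=0 ... A=5

def grade_at_least(score: str, threshold: str) -> bool:
    """True when the A-F score meets or beats the threshold grade."""
    return GRADE_RANK[score.upper()] >= GRADE_RANK[threshold.upper()]

def finding_key(f: dict) -> tuple:
    # Key on method+path+title so the same issue at a new endpoint counts as new.
    return (f.get("method", "GET"), f["path"], f["title"])

def diff_findings(baseline: dict, current: dict) -> dict:
    """Return findings that appeared since the baseline and those now resolved."""
    base = {finding_key(f): f for f in baseline.get("findings", [])}
    cur = {finding_key(f): f for f in current.get("findings", [])}
    return {
        "new": [cur[k] for k in cur.keys() - base.keys()],
        "resolved": [base[k] for k in base.keys() - cur.keys()],
    }

def gate(baseline: dict, current: dict, threshold: str) -> tuple:
    """Pass only if the grade meets the threshold and no new findings appeared."""
    delta = diff_findings(baseline, current)
    ok = grade_at_least(current["score"], threshold) and not delta["new"]
    return ok, delta

# Constructed sample reports standing in for two CLI runs against one target.
BASELINE = {"score": "B", "findings": [
    {"method": "GET", "path": "/v1/users", "title": "Missing rate limiting"},
    {"method": "GET", "path": "/v1/health", "title": "Server header discloses version"},
]}
CURRENT = {"score": "C", "findings": [
    {"method": "GET", "path": "/v1/users", "title": "Missing rate limiting"},
    {"method": "GET", "path": "/v1/admin", "title": "Missing security headers"},
]}

if __name__ == "__main__":
    ok, delta = gate(BASELINE, CURRENT, "B")   # threshold grade B
    print(json.dumps({"pass": ok, **delta}, indent=2))
    sys.exit(0 if ok else 1)                   # non-zero exit fails the CI job
```

In a pipeline, replace the constructed dictionaries with `json.load()` of the saved baseline report and the fresh CLI output, and commit the new report as the next baseline once the run passes.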

Known gaps and limitations

middleBrick does not replicate 42Crunch policy templates or custom rule sets. Findings are mapped to OWASP API Top 10 (2023), PCI-DSS 4.0, and SOC 2 Type II, but historical 42Crunch compliance mappings will not transfer. You will need to re-map findings to your internal compliance documentation. The scanner performs read-only checks and does not execute intrusive payloads, so vulnerabilities requiring exploit verification will need manual follow-up.

  • No automated conversion of 42Crunch policy definitions.
  • No historical evidence or raw request/response storage from 42Crunch.
  • Authenticated scanning requires domain verification and a restricted header set.

Frequently Asked Questions

Can I import 42Crunch scan reports directly into middleBrick?
No. You must re-run scans in middleBrick using the same targets and authentication details to generate new findings.
Will middleBrick recreate my 42Crunch security policies?
No. You need to manually translate policy rules into test parameters such as URLs, headers, and auth methods when configuring scans.
How do I preserve CI/CD behavior during migration?
Replace 42Crunch CLI calls with the middleBrick CLI or GitHub Action, and update secrets and headers to match the allowed set.
Does middleBrick support authenticated scans like 42Crunch?
Yes, it supports Bearer, API key, Basic auth, and cookies, provided domain verification passes.
Can I map middleBrick findings to PCI-DSS and SOC 2?
Yes, findings map to PCI-DSS 4.0 and SOC 2 Type II controls and help you prepare for audits under those frameworks.