Migrating from APIsec to GitGuardian

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • URL submission returns an A–F risk score with prioritized findings
  • Detects OWASP API Top 10 (2023) issues and maps findings to related frameworks
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
  • Authenticated scans with header allowlist and domain verification
  • Pro continuous monitoring and diff detection across scans

Overview of migration goals

This guide describes practical steps when moving API security scanning from APIsec to middleBrick. The focus is on data export, rebuilding scan history, preserving CI wiring, and understanding current gaps. middleBrick operates as a distinct tool with its own data model, so direct feature parity is not expected.

Exporting findings and historical data

Begin by extracting findings and metadata from APIsec. Most platforms provide an export of findings in JSON or CSV, including severity, location, and status (open/remediated). If timestamps are available, include them to preserve chronological context when importing into middleBrick. Note that middleBrick does not ingest external scan formats; you will re-scan assets to generate native findings and rely on continuous monitoring for change tracking across scans.

Rebuilding scan history and CI integration

To rebuild scan history in middleBrick, re-scan each API endpoint using the CLI or dashboard. Use the same URL list and authentication context (Bearer, API key, Basic, or Cookie) that was used previously. For CI, integrate the middleBrick CLI into your pipeline with a command such as:

middlebrick scan https://api.example.com --format json --out results.json

Compare results over time using the dashboard’s trend view. The diff detection in Pro tracks new findings, resolved findings, and score drift, which you can use to approximate historical progression. Note that detailed line-by-line history from APIsec will not carry over; only recurring scan snapshots will be preserved.
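As an added example (not part of this guide or of the middleBrick tooling), the script below approximates the diff step in CI: it compares two JSON outputs of the scan command above, reports new findings, resolved findings and score drift, and fails the build when the A–F grade drops below a threshold or a new high-severity finding appears. The JSON field names (score, findings[].id/method/path/severity) and the sample outputs are assumptions constructed for illustration; check them against the real CLI output.

```python
# Added example: a CI gate over two `middlebrick scan ... --format json` outputs.
# The JSON layout (score, findings[].id/method/path/severity) is ASSUMED here.
import json
import sys

GRADE_RANK = {g: i for i, g in enumerate("ABCDEF")}  # A (best) .. F (worst)

# Constructed sample outputs standing in for results.json from two scans.
PREVIOUS_JSON = """{"score": "B", "findings": [
  {"id": "API2-broken-auth", "method": "GET", "path": "/users/{id}", "severity": "high"},
  {"id": "API8-misconfig", "method": "GET", "path": "/", "severity": "low"}]}"""
CURRENT_JSON = """{"score": "C", "findings": [
  {"id": "API8-misconfig", "method": "GET", "path": "/", "severity": "low"},
  {"id": "API1-bola", "method": "GET", "path": "/orders/{id}", "severity": "critical"}]}"""
PREVIOUS = json.loads(PREVIOUS_JSON)
CURRENT = json.loads(CURRENT_JSON)

def finding_key(f):
    """Identity of a finding across scans: check id plus the endpoint it hit."""
    return (f["id"], f["method"].upper(), f["path"])

def diff_scans(previous, current):
    """Return new findings, resolved findings and score drift (positive = worse)."""
    prev = {finding_key(f): f for f in previous["findings"]}
    cur = {finding_key(f): f for f in current["findings"]}
    return {
        "new": [cur[k] for k in cur if k not in prev],
        "resolved": [prev[k] for k in prev if k not in cur],
        "score_drift": GRADE_RANK[current["score"]] - GRADE_RANK[previous["score"]],
    }

def ci_gate(previous, current, worst_grade="C", block=("critical", "high")):
    """Pass unless the grade is worse than worst_grade or a new finding is in block."""
    d = diff_scans(previous, current)
    too_low = GRADE_RANK[current["score"]] > GRADE_RANK[worst_grade]
    blocked = [f for f in d["new"] if f["severity"] in block]
    return (not too_low and not blocked), d

if __name__ == "__main__":
    # Usage in CI: python gate.py previous.json results.json (falls back to samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as a, open(sys.argv[2]) as b:
            prev, cur = json.load(a), json.load(b)
    else:
        prev, cur = PREVIOUS, CURRENT
    ok, d = ci_gate(prev, cur)
    print(f"score drift {d['score_drift']:+d}, new {len(d['new'])}, "
          f"resolved {len(d['resolved'])}, gate {'pass' if ok else 'FAIL'}")
    sys.exit(0 if ok else 1)
```

Store the previous run's results.json as a pipeline artifact so each build diffs against the last accepted scan rather than against nothing.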

Authentication and scope alignment

Ensure that authentication configurations in middleBrick match the original coverage. Authenticated scanning in middleBrick supports Bearer, API key, Basic auth, and Cookie, with domain verification required to confirm ownership. The scanner only forwards a strict allowlist of headers: Authorization, X-API-Key, Cookie, and X-Custom-*. If APIsec used custom headers for authorization, replicate them using the X-Custom-* allowlist to maintain similar test conditions.

Known gaps and limitations

middleBrick does not ingest or replay APIsec’s raw test cases or exploit payloads. Business logic vulnerabilities that were previously identified will need manual re-evaluation in the context of your domain. The tool does not perform active SQL injection or command injection testing, nor does it detect blind SSRF without out-of-band infrastructure. It also does not replace a human pentester for high-stakes audits. Continuous monitoring can reduce drift, but historical scan detail from APIsec cannot be fully reconstructed within middleBrick.

Frequently Asked Questions

Can I import APIsec JSON reports directly into middleBrick?
No. middleBrick does not accept external scan formats; you must re-scan endpoints to generate native findings.
Will my scan history timelines remain continuous after migration?
Scan history will continue from the point of re-scan in middleBrick. Previous timestamps and detailed findings from APIsec are not imported.
How do I preserve CI behavior during migration?
Update your CI scripts to use the middleBrick CLI or API client with the same URL list and auth setup, and adjust thresholds based on middleBrick’s scoring model.
Does authenticated scanning work the same way as in APIsec?
Yes for supported methods (Bearer, API key, Basic, Cookie). Ensure domain verification passes and only allowed headers are forwarded.
Can middleBrick map findings to PCI-DSS and SOC 2?
Yes, findings map to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). It does not claim compliance for other frameworks.