Migrating from APIsec to Qualys

Try middleBrick free

What middleBrick covers

  • Compare risk scores across scans to track remediation progress
  • Export structured scan data for archival and mapping
  • Rebuild historical trends via scheduled snapshot imports
  • Preserve CI gate behavior with exit codes and thresholds
  • Run parallel scans to validate coverage and detect gaps
  • Document limitations to guide manual review and controls

Overview of migration goals

Moving from a traditional scanner to a self-service API security tool involves changes in workflow, data ownership, and timing expectations. This guide focuses on how to handle data export, rebuild scan history in the new environment, and preserve existing CI integrations without assuming feature parity.

Data export and import considerations

Export scan records from your previous platform in a structured format such as JSON or CSV, ensuring timestamps, severity levels, and endpoint paths are preserved. When ingesting into another system, map source fields to the new tool’s schema, normalizing risk ratings and deduplicating findings across scans. Because each platform stores metadata differently, validate coverage by comparing counts of unique findings per API before decommissioning the old setup.

Rebuilding scan history and trends

Historical trend lines cannot be automatically imported; you will rebuild them by importing consistent snapshots over time. Store exported scan artifacts with versioned filenames and run regular imports on a fixed schedule to create a comparable baseline. Use the new tool’s dashboard or an external datastore to visualize score drift, recurring findings, and remediation progress across weeks and months.

Preserving CI wiring and automation

Review existing CI pipelines to identify how the previous scanner gates merges, blocks deployments, or sends notifications. Replicate similar behavior using the new platform’s CLI flags, API endpoints, or native integrations. For example, configure the new tool to return non-zero exit codes when the risk score drops below a defined threshold, and ensure pipeline logs contain enough context to triage failures without exposing sensitive payloads.

middlebrick scan https://api.example.com --threshold C --output json

Known gaps and operational adjustments

Not every capability from the previous solution will map 1:1, especially around scan scheduling precision, custom rule definitions, or proprietary detection logic. Plan for a parallel run period where both tools execute against staging environments to compare coverage and tune thresholds. Document any findings that remain undetected so that compensating controls or manual review steps are clearly recorded.

See how middleBrick compares See all use cases

Frequently Asked Questions

Can I import raw scan reports from my previous tool?
You can import structured data such as JSON or CSV and map fields to the new schema, but detailed rule definitions and proprietary detection logic usually require manual re-creation.
Will my existing CI pipelines work without changes?
No, you will need to update commands, thresholds, and failure conditions to match the new tool’s output formats and API contract.
How do I preserve scan history for compliance audits?
Export snapshots with timestamps and store them in a versioned repository, then rebuild trend lines by importing these snapshots on a regular schedule.
What happens to authenticated scan configurations during migration?
Credentials and header allowlists must be re-entered, and domain verification steps should be repeated to ensure the new system is authorized to scan protected APIs.

Related Pages

Migrate from Detectify to middleBrickWhat changes when you move from Detectify to middleBrick, and how to not lose anything in transit.Migrate from Noname Security to middleBrickWhat changes when you move from Noname Security to middleBrick, and how to not lose anything in transit.Migrate from Salt Security to middleBrickWhat changes when you move from Salt Security to middleBrick, and how to not lose anything in transit.Nuclei vs Salt SecurityNeutral side-by-side comparison of Nuclei and Salt Security.OWASP ZAP vs Prompt SecurityNeutral side-by-side comparison of OWASP ZAP and Prompt Security.42Crunch vs Lasso SecurityNeutral side-by-side comparison of 42Crunch and Lasso Security.