Migrating from APIsec to Snyk

What middleBrick covers

  • Submit URLs and receive risk scores with prioritized findings.
  • Black-box scanning without agents, SDKs, or code access.
  • Supports OpenAPI 3.0, 3.1, and Swagger 2.0 with ref resolution.
  • Covers OWASP API Top 10 and maps findings to PCI-DSS and SOC 2.
  • Authenticated scanning with header allowlist and domain verification.
  • CI/CD integration via CLI, GitHub Action, MCP Server, and API.

Purpose and scope of migration

This guide outlines how to move from APIsec to middleBrick when changing API security tooling. It focuses on data export, rebuilding scan history in middleBrick, and preserving CI wiring. The tone is neutral; middleBrick is a scanning service and does not replace the need for human review or an auditor.

Exporting findings and assets from APIsec

Begin by exporting findings and configuration from APIsec in a structured format such as JSON or SARIF. If APIsec provides a project or scan ID, use its API or UI to retrieve historical results. Map exported issue types to middleBrick categories, noting which findings map to authentication, authorization, input validation, data exposure, and LLM security. Because middleBrick is a black-box scanner, you cannot import raw scan payloads directly; instead, use the exported data to rerun equivalent checks in middleBrick and to repopulate tracking dashboards.

Rebuilding scan history in middleBrick

In middleBrick, start by submitting the same API endpoints and parameters used in APIsec scans. Use the dashboard to create projects and organize APIs by environment or service. For authenticated scans, provide Bearer tokens, API keys, or Basic credentials through the allowed header list, ensuring domain verification passes via a DNS TXT record or an HTTP well-known file. middleBrick stores scan results as risk scores and categorized findings; export these periodically and compare them with your APIsec exports to validate coverage and identify gaps. Note that scan history is rebuilt through repeated scans rather than by direct import of prior results.

Preserving CI/CD wiring and automation

Update your CI/CD pipelines to call the middleBrick CLI or API where you previously invoked APIsec. For example, replace existing scripts with "middlebrick scan <url>", using JSON output for machine parsing. In GitHub Actions, switch from the APIsec action to the middleBrick GitHub Action and adjust threshold settings so that the build fails on equivalent risk scores. If you used webhooks in APIsec, replicate them with middleBrick's HMAC-SHA256 signed webhooks, and configure retry and alert behavior. Pro tier continuous monitoring can provide scheduled rescans and diff detection to surface new findings or score drift.
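The receiving side of an HMAC-SHA256 signed webhook, as an added example that is not middleBrick's own code: the header names, the signed message layout (timestamp, a dot, then the raw body), the hex encoding and the 300-second replay window are all assumptions chosen for illustration, so check them against the vendor's webhook documentation before relying on them.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret for this example; load it from a secrets store in practice.
WEBHOOK_SECRET = b"example-webhook-secret"

# Assumed (hypothetical) header names; the real names come from the webhook docs.
SIGNATURE_HEADER = "X-Middlebrick-Signature"
TIMESTAMP_HEADER = "X-Middlebrick-Timestamp"
MAX_SKEW_SECONDS = 300  # reject deliveries whose timestamp is too old or too far ahead


def sign(body: bytes, timestamp: str, secret: bytes = WEBHOOK_SECRET) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>', hex-encoded (assumed scheme).

    Binding the timestamp into the MAC means a captured delivery cannot simply be
    resent later with a fresh timestamp header.
    """
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(headers: dict, body: bytes, now: Optional[float] = None,
                   secret: bytes = WEBHOOK_SECRET) -> Optional[dict]:
    """Return the parsed event if signature and timestamp check out, else None.

    Always MAC the raw request bytes: re-serialising the JSON first would change
    whitespace or key order and the comparison would fail on valid deliveries.
    """
    sig = headers.get(SIGNATURE_HEADER, "")
    ts = headers.get(TIMESTAMP_HEADER, "")
    if not sig or not ts.isdigit():
        return None
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return None  # stale or future-dated delivery: treat as a replay
    expected = sign(body, ts, secret)
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return json.loads(body)


if __name__ == "__main__":
    # Constructed sample delivery; the field names are illustrative only.
    body = b'{"event":"scan.completed","risk_score":42}'
    ts = "1700000000"
    hdrs = {SIGNATURE_HEADER: sign(body, ts), TIMESTAMP_HEADER: ts}
    print(verify_webhook(hdrs, body, now=1700000100))        # accepted
    print(verify_webhook(hdrs, body + b" ", now=1700000100))  # tampered body: None
```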

Known gaps and limitations

Some capabilities from APIsec may not have direct equivalents in middleBrick. middleBrick does not perform active SQL injection or command injection testing, does not detect business logic vulnerabilities, and does not replace a human pentester for high-stakes audits. It also does not detect blind SSRF or provide fixes; it reports findings with remediation guidance. If your APIsec workflow relied on these specific tests, plan for manual follow-up or complementary tools. Additionally, scan history cannot be imported as a dataset; you must rerun scans to rebuild comparable data.

Frequently Asked Questions

Can I import APIsec scan reports directly into middleBrick?
No, middleBrick does not support importing raw scan reports. Use the exported findings to guide manual re-scanning in middleBrick and to compare coverage.
How do I preserve authentication state when migrating?
Reconfigure authentication in middleBrick using Bearer tokens, API keys, Basic auth, or cookies, ensuring domain verification passes so scans can include authenticated endpoints.
Will my existing CI/CD jobs work without changes?
No, update CI/CD jobs to use the middleBrick CLI or API and adjust thresholds. The GitHub Action and CLI provide similar automation but require configuration changes.
Does middleBrick map findings to compliance frameworks?
Yes, findings map to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, the scanner helps you prepare evidence through aligned detections.
How is scan history maintained across scans?
History is maintained through the dashboard, which stores risk scores and findings. Use scheduled rescans and diff detection to track new and resolved issues over time.