Migrating from Bright Security to middleBrick

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • Risk scoring A–F with prioritized findings
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Coverage of OWASP API Top 10 (2023) detection categories
  • Authenticated scanning with header allowlists
  • Continuous monitoring and diff detection across scans

Data export from Bright Security

Start by extracting your existing scan data from Bright Security. Use their UI or API to download findings, scan configurations, and historical scores. Export formats vary; prefer JSON or CSV for structured fields such as endpoint paths, risk grades, and timestamps. Keep the raw mapping between endpoints and findings intact so you can correlate results during migration. Validate the export by confirming that critical fields like vulnerability identifiers and severity levels are preserved.

Rebuilding scan history in middleBrick

Ingest the exported data into middleBrick to approximate historical context. Because middleBrick is a black-box scanner without agents, you cannot directly import raw findings as proof of prior scans. Instead, replay the same endpoints and methods recorded in your export using the CLI or API, and store the new results alongside your migration notes. Maintain a cross-reference table that links Bright Security identifiers to the corresponding middleBrick scan IDs, timestamps, and risk scores. This approach lets you track deltas over time, even if prior vulnerability detail cannot be reproduced exactly.
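The export validation step above and the cross-reference table in this section share the same parsing work, so here is one added example covering both. It is not Bright Security's or middleBrick's code: the export field names, the middleBrick result shape, the grade letters used for the delta, and every sample record are constructed assumptions for illustration.

```python
"""Validate a Bright Security export and cross-reference it with middleBrick
scan results. Added example for this migration guide; not vendor code.
The export field names, the middleBrick result shape and all sample records
below are constructed assumptions.
"""
import json
from datetime import datetime

# Fields the migration depends on; losing any of them breaks correlation.
REQUIRED_FINDING_FIELDS = ("id", "endpoint", "method", "severity", "detected_at")
GRADE_ORDER = "ABCDEF"  # middleBrick grades run A (best) to F (worst)

# Constructed Bright Security export (not a real export format).
BRIGHT_EXPORT = json.dumps({
    "findings": [
        {"id": "BS-101", "endpoint": "/v1/users/{id}", "method": "GET",
         "severity": "high", "detected_at": "2024-03-01T10:00:00Z"},
        {"id": "BS-102", "endpoint": "/v1/login", "method": "POST",
         "severity": "medium", "detected_at": "2024-03-01T10:00:00Z"},
        {"id": "BS-103", "endpoint": "/v1/admin", "method": "GET",
         "severity": "critical"},  # detected_at missing: a lossy export
    ]
})

# Constructed middleBrick results for the replayed endpoints (shape assumed).
MIDDLEBRICK_RESULTS = [
    {"scan_id": "mb-scan-0001", "endpoint": "/v1/users/{id}", "method": "GET",
     "grade": "C", "scanned_at": "2024-06-01T09:00:00Z"},
    {"scan_id": "mb-scan-0002", "endpoint": "/v1/login", "method": "POST",
     "grade": "B", "scanned_at": "2024-06-01T09:00:00Z"},
    {"scan_id": "mb-scan-0003", "endpoint": "/v1/users/{id}", "method": "GET",
     "grade": "A", "scanned_at": "2024-07-01T09:00:00Z"},
]


def validate_export(raw):
    """Return (valid_findings, problems). A finding missing a required field
    is reported rather than silently dropped, so the gap shows up in notes."""
    findings = json.loads(raw)["findings"]
    valid, problems = [], []
    for f in findings:
        missing = [k for k in REQUIRED_FINDING_FIELDS if k not in f]
        if missing:
            problems.append((f.get("id", "<no id>"), missing))
        else:
            valid.append(f)
    return valid, problems


def _scan_time(result):
    # Accept the trailing "Z" on older Python versions as well as 3.11+.
    return datetime.fromisoformat(result["scanned_at"].replace("Z", "+00:00"))


def grade_delta(scans):
    """Steps improved toward A between first and latest scan (negative means
    regression); None when fewer than two scans exist for the endpoint."""
    if len(scans) < 2:
        return None
    return GRADE_ORDER.index(scans[0]["grade"]) - GRADE_ORDER.index(scans[-1]["grade"])


def build_crossref(findings, results):
    """Map each Bright finding id to the middleBrick scans of the same
    endpoint and method, ordered by scan time, with the grade delta."""
    by_key = {}
    for r in results:
        by_key.setdefault((r["endpoint"], r["method"]), []).append(r)
    crossref = {}
    for f in findings:
        scans = sorted(by_key.get((f["endpoint"], f["method"]), []), key=_scan_time)
        crossref[f["id"]] = {
            "bright_severity": f["severity"],
            "scans": [(s["scan_id"], s["scanned_at"], s["grade"]) for s in scans],
            "delta": grade_delta(scans),
        }
    return crossref


if __name__ == "__main__":
    valid, problems = validate_export(BRIGHT_EXPORT)
    print("export problems:", problems)
    print(json.dumps(build_crossref(valid, MIDDLEBRICK_RESULTS), indent=2))
```

Findings that fail validation are listed separately instead of being discarded, so the migration notes record exactly which Bright identifiers have no usable history; the delta is computed only where two or more middleBrick scans exist for the same endpoint and method.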

CI/CD continuity during cutover

Keep your pipelines running while switching tools by running parallel checks for a defined overlap period. Update your CI configuration to call the middleBrick CLI in read-only mode alongside the existing Bright Security step, using the same endpoints and authentication methods. Compare scores and high-severity findings between both tools, and gate merges only when middleBrick confirms the required security threshold. Use the header allowlist to ensure only approved authorization headers are forwarded, and verify domain ownership where credentials are required to avoid unauthorized scans.

npx middlebrick scan https://api.example.com --format json
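The gate logic for the overlap period, as an added example that is not part of the original page or the middleBrick CLI. It assumes both tools have already written JSON reports (for middleBrick, via the `--format json` command above); the report field names, the sample reports, and the header allowlist contents are constructed assumptions, so adjust them to the real output shape.

```python
"""CI cutover gate for the parallel-run period. Added example; not
middleBrick's or Bright Security's code. Report field names, the CLI output
shape and the sample reports are assumptions.
"""
import json
import sys

GRADE_ORDER = "ABCDEF"  # A is best

# Constructed stand-ins for `npx middlebrick scan ... --format json` output
# and a Bright Security export (shapes assumed).
MIDDLEBRICK_REPORT = json.dumps({
    "grade": "B",
    "findings": [
        {"endpoint": "/v1/users/{id}", "severity": "high", "category": "API1:2023"},
        {"endpoint": "/v1/login", "severity": "low", "category": "API2:2023"},
    ],
})
BRIGHT_REPORT = json.dumps({
    "findings": [
        {"endpoint": "/v1/users/{id}", "severity": "high"},
        {"endpoint": "/v1/admin", "severity": "high"},
    ],
})

# Only these header names are forwarded to the scanner (constructed list).
HEADER_ALLOWLIST = {"authorization", "x-api-key"}


def filter_headers(headers, allowlist=HEADER_ALLOWLIST):
    """Keep only approved headers, matched case-insensitively, so session
    cookies or internal routing headers never leave the pipeline."""
    return {k: v for k, v in headers.items() if k.lower() in allowlist}


def high_severity_endpoints(report):
    return {f["endpoint"] for f in report["findings"]
            if f["severity"] in ("high", "critical")}


def evaluate_gate(mb_raw, bright_raw, min_grade="B"):
    """Gate on middleBrick only: grade at or better than min_grade and no
    high/critical findings. Endpoints that only Bright flags are surfaced as
    disagreements to investigate, not as blockers."""
    mb, br = json.loads(mb_raw), json.loads(bright_raw)
    blockers = []
    if GRADE_ORDER.index(mb["grade"]) > GRADE_ORDER.index(min_grade):
        blockers.append(f"grade {mb['grade']} is below required {min_grade}")
    mb_high = high_severity_endpoints(mb)
    if mb_high:
        blockers.append("high-severity findings: " + ", ".join(sorted(mb_high)))
    disagreements = sorted(high_severity_endpoints(br) - mb_high)
    return {"passed": not blockers, "blockers": blockers, "disagreements": disagreements}


if __name__ == "__main__":
    # Usage: gate.py middlebrick.json bright.json ; falls back to the samples.
    if len(sys.argv) == 3:
        mb_raw, br_raw = (open(p).read() for p in sys.argv[1:3])
    else:
        mb_raw, br_raw = MIDDLEBRICK_REPORT, BRIGHT_REPORT
    result = evaluate_gate(mb_raw, br_raw)
    print(json.dumps(result, indent=2))
    sys.exit(0 if result["passed"] else 1)
```

The non-zero exit code is what blocks the merge; disagreements between the two tools are printed for review rather than failing the build, which keeps the gate consistent with the threshold you have defined for middleBrick.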

What you will miss and what you will gain

You will lose the ability to rely on agent-based instrumentation or runtime application tracing, since middleBrick operates as a black-box scanner with no code access or SDK integration. Passive detection of internal logic flaws and blind SSRF is outside scope, and you will need human-led analysis for business logic and nuanced rule violations. In return, you gain a standardized, read-only assessment that completes in under a minute for most APIs. middleBrick maps findings to OWASP API Top 10, supports OpenAPI 3.0/3.1 and Swagger 2.0 with recursive $ref resolution, and provides continuous monitoring with diff detection across scans. The tool enforces strict allowlists for headers and methods, and it blocks unsafe targets such as private IPs and cloud metadata endpoints at multiple layers.

Post-migration operations and pricing alignment

After migration, shift to middleBrick’s scoring model and remediation guidance. Use the web dashboard to review score trends and generate branded compliance PDFs aligned to OWASP API Top 10 and PCI-DSS 4.0. Enable Pro tier features such as scheduled rescans and HMAC-SHA256 signed webhooks if you require automated alerts and audit-ready evidence. Plan your subscription based on the number of APIs monitored, noting that the Starter tier supports 15 APIs with monthly scans and email alerts, while the Pro tier scales to 100 APIs with continuous monitoring and CI/CD integration. Deletion requests and data purges within 30 days of cancellation are supported, and scan data is never used for model training.
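If you enable signed webhooks, the receiving side has to verify the HMAC-SHA256 signature before treating an alert as evidence. The following is an added example, not middleBrick's code: the header name `X-Signature`, the `t=<unix time>,v1=<hex>` value format, and the signed string `"<timestamp>.<body>"` are assumptions, so match them to the vendor's webhook documentation; the secret and payload are constructed.

```python
"""Verify an HMAC-SHA256 signed webhook before acting on it. Added example
for this guide; not middleBrick's code. Header name, value format and the
signed-string layout are assumptions; secret and payload are constructed.
"""
import hashlib
import hmac

WEBHOOK_SECRET = b"constructed-shared-secret"  # constructed; store in a secret manager
TOLERANCE_SECONDS = 300  # reject deliveries whose timestamp is too old or too far ahead


def sign(body: bytes, timestamp: int, secret: bytes = WEBHOOK_SECRET) -> str:
    """Build the assumed header value; used here only to create a valid sample."""
    mac = hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()
    return f"t={timestamp},v1={mac}"


def verify(body: bytes, header: str, now: int, secret: bytes = WEBHOOK_SECRET) -> bool:
    """Return True only for a fresh, correctly signed raw body.

    The timestamp is covered by the MAC so it cannot be altered to extend the
    replay window, and compare_digest keeps the comparison constant-time so
    the response time does not reveal how many signature bytes matched."""
    try:
        parts = dict(p.split("=", 1) for p in header.split(","))
        ts = int(parts["t"])
        provided = parts["v1"]
    except (ValueError, KeyError):
        return False
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False
    expected = hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, provided)


if __name__ == "__main__":
    payload = b'{"scan_id":"mb-scan-0001","grade":"C"}'  # constructed alert body
    sent_at = 1_700_000_000
    header = sign(payload, sent_at)
    print("genuine:", verify(payload, header, now=sent_at + 10))
    print("tampered:", verify(payload + b" ", header, now=sent_at + 10))
    print("replayed later:", verify(payload, header, now=sent_at + 3600))
```

Verify against the raw request bytes, not a re-serialised JSON object, since any whitespace or key-order change produces a different MAC; the timestamp check limits how long a captured delivery stays valid.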

Frequently Asked Questions

Can I import raw scan findings from Bright Security into middleBrick?
No. middleBrick does not accept imported findings as evidence; it performs its own read-only scans and maps results to its own data model.
Will my CI pipeline break during migration?
Not if you run both tools in parallel and gate on consistent results. Update your pipeline to call the middleBrick CLI and validate thresholds before promoting merges.
Does middleBrick detect business logic vulnerabilities?
No. Business logic issues require human expertise and contextual understanding; middleBrick focuses on automated, standards-aligned detection and reporting.
How are compliance mappings handled?
middleBrick maps findings directly to OWASP API Top 10 and supports audit evidence for PCI-DSS 4.0 and SOC 2 Type II. It does not claim compliance or certification for other regulations.
Can scan data be deleted on demand?
Yes. Customer data is deletable on demand and purged within 30 days of cancellation, and it is never sold or used for model training.