Migrating from Detectify to middleBrick

What middleBrick covers

  • Black-box scanning with no agents or SDK integration
  • Under-one-minute scan time for API endpoints
  • Risk scoring on an A–F scale with prioritized findings
  • OWASP API Top 10 (2023) coverage plus 12 detection categories
  • Authenticated scanning with header allowlist controls
  • Continuous monitoring with diff detection and email alerts

Exporting findings from Detectify

Begin by exporting your current Detectify findings as a CSV from the Findings page. Include columns for URL, severity, title, and tags. If you use custom tags in Detectify, map them to a simple taxonomy so you can filter later in middleBrick. Note that metadata such as snapshots and raw evidence may require manual capture, as middleBrick does not ingest Detectify reports directly.
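As an added example (not part of the original guide or of either vendor's tooling), the script below parses a constructed Detectify-style CSV export with the four columns named above, maps ad-hoc tags onto a small taxonomy, and produces the deduplicated URL list you will need when re-submitting endpoints to middleBrick. The column names, the sample rows and the taxonomy table are assumptions made for the example.

```python
import csv
import io
from collections import Counter

# Constructed sample of a Detectify CSV export (not real data). The column
# names are an assumption about the export, not a documented format.
SAMPLE_CSV = """url,severity,title,tags
https://api.example.com/v1/users,High,Missing rate limiting,"api,prod,team-payments"
https://api.example.com/v1/users,Medium,Verbose error message,"api,prod"
https://api.example.com/v1/orders,Low,Server header disclosure,"api,staging,legacy-app"
https://api.example.com/v1/orders,High,Broken object level authorization,"api,prod,bola"
"""

# Assumed mapping from free-form Detectify tags to a small taxonomy that is
# easy to filter on later. Unmapped tags are kept under an "other:" prefix
# rather than dropped, so nothing is silently lost in the migration.
TAXONOMY = {
    "prod": "env:production",
    "staging": "env:staging",
    "team-payments": "owner:payments",
    "legacy-app": "owner:legacy",
    "bola": "class:authz",
}

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


def map_tags(raw_tags: str) -> list[str]:
    """Split a comma-joined tag field and map each tag into the taxonomy."""
    mapped = set()
    for tag in raw_tags.split(","):
        tag = tag.strip().lower()
        if tag:
            mapped.add(TAXONOMY.get(tag, f"other:{tag}"))
    return sorted(mapped)


def normalize_findings(csv_text: str) -> list[dict]:
    """Parse the export and return findings sorted by severity, then URL.

    An unknown severity label raises rather than being guessed, so a changed
    export format is noticed instead of being mis-prioritized.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    findings = []
    for row in reader:
        sev = row["severity"].strip().lower()
        if sev not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {row['severity']!r} for {row['url']}")
        findings.append({
            "url": row["url"].strip(),
            "severity": sev,
            "title": row["title"].strip(),
            "tags": map_tags(row["tags"]),
        })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["url"]))
    return findings


def rescan_targets(findings: list[dict]) -> list[str]:
    """Unique URLs to submit to middleBrick, in a stable order."""
    return sorted({f["url"] for f in findings})


def severity_counts(findings: list[dict]) -> dict[str, int]:
    """Per-severity totals, useful as a sanity check against the old dashboard."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    fs = normalize_findings(SAMPLE_CSV)
    for f in fs:
        print(f["severity"], f["url"], f["tags"])
    print("targets:", rescan_targets(fs))
    print("counts:", severity_counts(fs))
```

Keeping the normalized findings (with their mapped tags) alongside the first middleBrick scan output gives you a record of what was open at cutover, which is the closest substitute for the history that cannot be imported.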

Rebuilding scan history in middleBrick

In middleBrick, re-create your API inventory by submitting the same URLs you maintain in Detectify. Use the CLI to run an initial scan for each endpoint and store the JSON output for archival purposes. There is no automatic import of historical risk scores; instead, use the date-stamped scan records in the dashboard to establish a baseline. Over time, the continuous monitoring feature will build a comparable trend line using diff detection between scans.
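The diff-detection step above is the part worth automating while the baseline is still being established. The following added example (not middleBrick's own code; the JSON layout with scanned_at, score and a findings list keyed by category and path is an assumption made for the example, as are the two constructed scan records) compares two date-stamped scan records, classifies findings as new, resolved or unchanged, and decides whether the change warrants an alert, which is the decision a routed alert channel should be driven by.

```python
import json

# Constructed sample scan records. The JSON layout is an assumption for this
# example, not middleBrick's documented output format.
BASELINE = json.loads("""
{"url": "https://api.example.com/v1", "scanned_at": "2024-05-01T09:00:00Z", "score": "B",
 "findings": [
   {"category": "rate-limiting", "severity": "medium", "path": "/users"},
   {"category": "headers", "severity": "low", "path": "/"}
 ]}
""")

LATEST = json.loads("""
{"url": "https://api.example.com/v1", "scanned_at": "2024-05-08T09:00:00Z", "score": "C",
 "findings": [
   {"category": "rate-limiting", "severity": "medium", "path": "/users"},
   {"category": "authorization", "severity": "high", "path": "/orders/{id}"}
 ]}
""")

GRADES = "ABCDEF"  # A is best, F is worst
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}


def finding_key(finding: dict) -> tuple[str, str]:
    """Identity of a finding across scans: same category on the same path."""
    return (finding["category"], finding["path"])


def diff_scans(previous: dict, current: dict) -> dict:
    """Classify findings into new / resolved / unchanged and carry both grades."""
    prev = {finding_key(f): f for f in previous["findings"]}
    curr = {finding_key(f): f for f in current["findings"]}
    return {
        "new": [curr[k] for k in sorted(curr.keys() - prev.keys())],
        "resolved": [prev[k] for k in sorted(prev.keys() - curr.keys())],
        "unchanged": [curr[k] for k in sorted(curr.keys() & prev.keys())],
        "score_before": previous["score"],
        "score_after": current["score"],
    }


def score_worsened(before: str, after: str) -> bool:
    """True when the letter grade moved toward F."""
    return GRADES.index(after) > GRADES.index(before)


def should_alert(delta: dict, min_severity: str = "high") -> bool:
    """Alert when the grade drops or a new finding at or above min_severity appears.

    Resolved findings never trigger an alert on their own; they are worth
    reporting, but they are not a regression.
    """
    if score_worsened(delta["score_before"], delta["score_after"]):
        return True
    limit = SEVERITY_RANK[min_severity]
    return any(SEVERITY_RANK[f["severity"]] <= limit for f in delta["new"])


if __name__ == "__main__":
    delta = diff_scans(BASELINE, LATEST)
    print(f"{delta['score_before']} -> {delta['score_after']}")
    for label in ("new", "resolved", "unchanged"):
        for f in delta[label]:
            print(f"{label:9} {f['severity']:6} {f['category']} {f['path']}")
    print("alert:", should_alert(delta))
```

Keying findings on (category, path) rather than on a scanner-assigned ID keeps the diff stable across re-scans; if middleBrick's records expose a stable finding identifier, key on that instead.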

Maintaining CI/CD wiring during cutover

To keep your pipeline guarded while switching tools, first add the middleBrick CLI to your CI configuration and run a single scan against a staging endpoint. Use the GitHub Action in report-only mode to compare results before you change gate thresholds. When you promote the action to enforce mode, set the score threshold to match your previous fail conditions. Expect a short period where both tools run in parallel; route alerts to a dedicated channel until the new workflow stabilizes.

- name: MiddleBrick CI gate
  uses: middlebrick/github-action@v1
  with:
    url: ${{ secrets.TEST_API_URL }}
    threshold: C
    mode: enforce

Capabilities you will gain and lose

You will gain passive scanning limited to read-only methods, a single dashboard for score tracking, and built-in compliance mappings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). The system blocks dangerous payloads by design and does not execute active SQL injection or command injection tests. You will lose the ability to automatically fix or remediate findings, and you will not receive detection for business logic flaws or for blind SSRF, which requires out-of-band infrastructure. For high-stakes audits, retain a human pentester to review context-specific findings.

Data retention and privacy posture

middleBrick retains scan data only as long as your account exists. On cancellation, data is deletable on demand and purged within 30 days. Customer data is never sold or used for model training. The scanner follows a read-only safety posture: destructive payloads are never sent, private IPs and localhost are blocked at multiple layers, and only a limited set of headers is forwarded. Use the API client to programmatically manage scan records and to integrate findings into existing ticketing or compliance workflows.

Frequently Asked Questions

Can I import my old Detectify scan reports into middleBrick?
No, middleBrick does not support importing external scan reports. You must re-scan your endpoints to populate the dashboard and build new score histories.
Will my existing CI pipeline fail immediately after switching to middleBrick?
Not necessarily. Run the GitHub Action in report-only mode first to compare outcomes, then adjust your threshold to align with your previous enforcement behavior.
Does middleBrick detect business logic or blind SSRF vulnerabilities?
No. These classes of vulnerabilities require human expertise and out-of-band infrastructure, which are outside the scope of automated scanning.
How are compliance mappings handled in reports?
Findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, reports surface findings relevant to audit evidence without claiming certification or compliance.
How long is scan data retained after account deletion?
Data is deletable on demand and fully purged within 30 days of cancellation.