Migrating from Invicti to middleBrick

What middleBrick covers

  • Sub-minute black-box scans for any API stack
  • Read-only methods only, no active exploitation
  • OWASP API Top 10 (2023) coverage with mappings
  • Authenticated scans with Bearer, API key, Basic, Cookie
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing
  • CI/CD integration via GitHub Action and CLI

Exporting data from Invicti

Begin by exporting findings and configuration from Invicti. Use the built-in reports to generate CSV or PDF files for historical scans. Export scan summaries, risk ratings, and individual vulnerability entries. Keep the export timestamps and scanner version to support later cross-reference during migration.

Rebuilding scan history in middleBrick

middleBrick does not ingest Invicti scan files. Instead, re-run scans against the same API endpoints to rebuild history. For each environment, run a scan with the same parameters (authentication, headers, depth) and schedule at comparable cadence. Record scan IDs and timestamps in an inventory sheet to map findings over time. Use the CLI in scripts to automate this and preserve repeatable commands for audit trails.

Keeping CI wired up during cutover

To avoid CI breaks, transition checks gradually. Add the middleBrick GitHub Action in parallel with the existing Invicti step, but configure it to warn without failing the build. Start from the same severity thresholds you enforce today, then tighten them once you have confirmed that both scanners agree on the baseline. Keep the legacy Invicti step active until the new action produces stable, expected results across several branches and several runs.

npx middlebrick scan https://api.example.com --threshold B --output json

What you will miss and what you will gain

You will lose direct integration with Invicti's on-prem console and its authenticated crawling of web applications. middleBrick does not perform active exploit attempts such as SQL injection or command injection, and it does not crawl JavaScript-heavy SPAs automatically. Because it only issues read-only methods, vulnerabilities reachable solely through state-changing requests (POST, PUT, DELETE) are outside what it exercises; plan other coverage for those paths. In return, you gain a cloud-agnostic scanner with a consistent interface across languages and frameworks, sub-minute scan times, and clear mappings to the OWASP API Top 10. The emphasis on read-only checks means it does not modify any endpoint, which lowers the risk of testing against production-like environments.

Planning the migration timeline and responsibilities

Coordinate with security and DevOps to schedule a freeze window for re-authentication setup. Verify domain ownership for credentialed scans via DNS TXT or well-known challenge files. Assign owners for each API inventory entry to map Invicti asset IDs to middleBrick scan targets. Run a pilot on a low-risk API, compare outputs, and finalize reporting templates and alerting rules before full rollout.

Frequently Asked Questions

Can I import Invicti scan reports directly into middleBrick?
No. middleBrick requires live scans; it does not accept imported reports or artifacts from other tools.
Will my existing CI pipeline fail immediately after switching?
Not if you run middleBrick in warning-only mode first, then gradually enforce thresholds once results stabilize.
Does middleBrick support authenticated scans with SSO or OAuth flows?
It supports Bearer tokens, API keys, Basic auth, and cookies. Custom SSO flows that cannot be expressed as static credentials are outside scope.
How are compliance mappings handled during migration?
Findings map to OWASP API Top 10, PCI-DSS 4.0, and SOC 2 Type II. Other frameworks are surfaced as alignment references only.
What happens to scan data when I cancel the service?
Customer data is deletable on demand and purged within 30 days of cancellation. It is not sold or used for model training.