Migrating from Prompt Security to middleBrick

What middleBrick covers

  • Black-box API scanning with scan times under one minute
  • 12 OWASP API Top 10 detection categories
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with ref resolution
  • CI/CD integration via GitHub Action with configurable thresholds
  • Continuous monitoring and diff detection across scans
  • Multi-method authenticated scanning with header allowlist

Exporting data from Prompt Security

Begin by exporting all scan records you currently hold in Prompt Security. Most platforms provide a download of findings as JSON or CSV; if only a web interface is available, use the export feature or browser automation to capture the data. Save the export with a timestamp so you can correlate it later with middleBrick scans. Note that export formats vary by plan, and you are responsible for ensuring the export includes finding details, severity, affected endpoints, and any tags you used for prioritization.

Rebuilding scan history in middleBrick

To rebuild history, run the same URLs through middleBrick and store the results alongside your Prompt Security exports. Use the CLI to automate repeated scans and capture JSON output for archival:

middlebrick scan https://api.example.com/openapi.json --output json > middlebrick-$(date +%s).json

For the Starter tier and above, authenticated scans require domain verification; ensure DNS TXT records or HTTP well-known files are in place before enabling credentials. Import the JSON outputs into your tracking system and align findings by endpoint and severity to approximate historical trends. Understand that raw finding counts will differ because middleBrick maps findings to a distinct set of rules and detection logic, so focus on directional changes rather than exact parity.
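The alignment step above (match findings by endpoint and severity, then read the direction of change rather than raw counts) is easy to get wrong when the two tools name endpoints and severities differently. The following Python script is an added example, not code from middleBrick or Prompt Security: it normalizes both exports to a common (endpoint, severity) key, counts per-severity totals for each tool, and lists which pairs only one tool reported. Both sample documents are constructed, and their field names (`endpoint`/`severity` on the Prompt Security side, `method`/`path`/`severity` on the middleBrick side) are assumptions, since neither export schema is documented on this page; adapt the two extractor functions to the keys your real files use.

```python
"""Align findings from a Prompt Security export and a middleBrick JSON
scan by (endpoint, severity) and report directional change.
Added example; schemas below are assumed, not documented by either tool."""
import json
from collections import Counter
from typing import Dict, Tuple

# Constructed sample export from Prompt Security. Field names are an
# assumption: the real export varies by plan, so adjust prompt_security_keys().
PROMPT_SECURITY_EXPORT = json.dumps({
    "findings": [
        {"endpoint": "GET /users/{id}", "severity": "High", "title": "BOLA"},
        {"endpoint": "POST /login", "severity": "Medium", "title": "Rate limiting"},
        {"endpoint": "GET /admin", "severity": "Critical", "title": "Auth bypass"},
        {"endpoint": "GET /admin", "severity": "Low", "title": "Verbose error"},
    ]
})

# Constructed sample middleBrick CLI output. The structure is likewise an
# assumption, not the documented `--output json` schema; adjust middlebrick_keys().
MIDDLEBRICK_SCAN = json.dumps({
    "grade": "C",
    "findings": [
        {"method": "GET", "path": "/users/{id}", "severity": "high", "category": "API1"},
        {"method": "GET", "path": "/admin", "severity": "critical", "category": "API2"},
        {"method": "GET", "path": "/users/{id}", "severity": "medium", "category": "API3"},
        {"method": "DELETE", "path": "/users/{id}", "severity": "high", "category": "API5"},
    ]
})

SEVERITIES = ("critical", "high", "medium", "low", "info")
Key = Tuple[str, str]  # (normalized "METHOD /path", lowercase severity)


def normalize(endpoint: str, severity: str) -> Key:
    """Canonical key so 'get /admin/' and ('GET', '/admin') compare equal."""
    method, _, path = endpoint.strip().partition(" ")
    path = path.rstrip("/") or "/"
    return (f"{method.upper()} {path}", severity.strip().lower())


def prompt_security_keys(raw: str) -> Counter:
    """Extract (endpoint, severity) keys from the assumed Prompt Security layout."""
    doc = json.loads(raw)
    return Counter(normalize(f["endpoint"], f["severity"]) for f in doc["findings"])


def middlebrick_keys(raw: str) -> Counter:
    """Extract (endpoint, severity) keys from the assumed middleBrick layout."""
    doc = json.loads(raw)
    return Counter(
        normalize(f"{f['method']} {f['path']}", f["severity"]) for f in doc["findings"]
    )


def compare(before: Counter, after: Counter) -> Dict[str, object]:
    """Per-severity totals for each tool plus the keys only one tool saw.

    Raw counts differ by design (different rule sets), so the useful signal is
    the per-severity delta and the (endpoint, severity) pairs that appear in
    only one tool: those are the places where coverage actually changed."""
    by_sev = {}
    for sev in SEVERITIES:
        b = sum(n for (_, s), n in before.items() if s == sev)
        a = sum(n for (_, s), n in after.items() if s == sev)
        by_sev[sev] = {"before": b, "after": a, "delta": a - b}
    return {
        "by_severity": by_sev,
        "only_before": sorted(set(before) - set(after)),
        "only_after": sorted(set(after) - set(before)),
        "common": sorted(set(before) & set(after)),
    }


def report(ps_raw: str, mb_raw: str) -> Dict[str, object]:
    """Full comparison of a Prompt Security export against a middleBrick scan."""
    return compare(prompt_security_keys(ps_raw), middlebrick_keys(mb_raw))


def report_files(ps_path: str, mb_path: str) -> Dict[str, object]:
    """Same comparison over the timestamped files you archived from each tool."""
    with open(ps_path, encoding="utf-8") as ps, open(mb_path, encoding="utf-8") as mb:
        return report(ps.read(), mb.read())


if __name__ == "__main__":
    print(json.dumps(report(PROMPT_SECURITY_EXPORT, MIDDLEBRICK_SCAN), indent=2))
```

Run it against the archived files with `report_files("prompt-security-<ts>.json", "middlebrick-<ts>.json")` once the extractors match your real schemas. The `only_before` list is the one to review first during a cutover: every entry there is a finding the old tool raised that the new scan did not, which is exactly the "critical findings not lost" check the parallel run is meant to give you.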

Keeping CI wired up during the cutover

If your CI/CD pipeline uses Prompt Security, plan a phased switch to the GitHub Action provided by middleBrick. Create a feature branch with the new step, validate that scans complete within your time window, and confirm that failure thresholds match your risk appetite. During the transition, you can run both tools in parallel and compare results via the dashboards; this helps verify that critical findings are not lost while you update policies.

For the GitHub Action, pin the version used in your workflow and set explicit score thresholds. Example step:

- uses: middlebrick/action@v1
  with:
    url: https://api.example.com/openapi.json
    threshold: C
    fail-on-upgrade: true

Use environment-specific thresholds for Staging versus Production, give the pipeline read-only access, and pass only the request headers that middleBrick's header allowlist permits. If you rely on email alerts from Prompt Security, reconfigure notifications to Slack, Teams, or your existing alerting channels supported by middleBrick Pro.

What you will miss and how to compensate

Prompt Security may offer features that middleBrick does not replicate. Because middleBrick is a black-box scanner without agents or SDK integration, it does not perform intrusive testing such as active SQL injection or command injection. It also does not detect business logic vulnerabilities or blind SSRF that require out-of-band infrastructure or deep domain knowledge. If your workflow depends on those tests, retain a separate plan for manual pentesting or specialized tools focused on those areas.

middleBrick does not fix, patch, block, or remediate; it detects and reports with remediation guidance. If you expected automated fixes from Prompt Security, adjust expectations and integrate the findings into your ticketing or remediation pipeline. Use the compliance mappings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023) to justify coverage to auditors, and treat other regulatory references as alignment rather than certification.

What you will gain and next steps

Migrating to middleBrick provides a consistent, API-first approach to security scanning with a dashboard, trend tracking, and programmable access via CLI and API. You gain scheduled rescans, diff detection across runs, and structured compliance evidence aimed at PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). The scanner operates as a read-only service, blocking dangerous targets and focusing on detection rather than remediation.

Next steps: inventory your APIs, verify domain ownership for authenticated scans, export existing findings, and run a pilot on a non-critical service. Compare the pilot results with your Prompt Security data, adjust thresholds, and then roll out to your full inventory. Monitor the first weeks of alerts, refine your allowlist of headers, and enable Pro features such as continuous monitoring and signed webhooks as needed.

Frequently Asked Questions

Can I import my Prompt Security findings into middleBrick?
There is no direct importer; rebuild history by re-scanning URLs with the middleBrick CLI and storing the JSON output alongside your exports for comparison.
Will my CI fail differently under middleBrick compared to Prompt Security?
Yes, because detection rules differ. Use a parallel run to compare results and tune the score threshold before enforcing failures in production pipelines.
Does middleBrick support authenticated scans for CI?
Yes: Bearer token, API key, Basic auth, and Cookie authentication are supported from the Starter tier upward, with domain verification required so that only the domain owner can scan with credentials.
Can middleBrick map findings to compliance frameworks?
Yes, findings map directly to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other regulations, use alignment language such as "supports audit evidence for" rather than claiming certification.
How long are scan results retained?
Retention is managed in your account; scan data is deletable on demand and purged within 30 days of cancellation, and it is never sold or used for model training.