Migrating from Pynt to middleBrick

What middleBrick covers

  • Black-box scanning with no agents or SDK dependencies
  • Read-only methods under one minute per scan
  • 12 OWASP API Top 10 categories plus LLM / AI Security
  • OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
  • Authenticated scans with Bearer, API key, Basic, and Cookie
  • Continuous monitoring with diff detection and webhook alerts

Exporting your Pynt data

Pynt stores scan results in its database and allows export in JSON and CSV formats. Use the Pynt UI or API to retrieve findings, scan metadata, and historical scores. Export all relevant fields including endpoint paths, severity, and remediation notes. Validate the export by checking record counts and confirming timestamps match your expected scan windows before proceeding.

Rebuilding scan history in middleBrick

middleBrick does not ingest Pynt exports directly. Reconstruct history by importing your exported JSON/CSV into a structured store, then replay key findings as reference scans. Recreate the timeline using your stored timestamps and map Pynt issue types to middleBrick categories such as Authentication, BOLA, Data Exposure, and LLM / AI Security. Maintain a separate migration log that records mapping decisions and any manual adjustments for auditability.

Keeping CI wired up during the cutover

During migration, retain your existing CI checks while adding middleBrick as an additional gate. Update pipeline steps to call the middleBrick CLI for new scans, and configure the GitHub Action to fail the build based on score thresholds only after you validate rule alignment. Use feature flags or environment variables to toggle between Pynt and middleBrick, and ensure header allowlists and authenticated scan settings mirror your Pynt configuration to avoid false positives.

What you will miss and what you will gain

Pynt focuses on standard API security categories; middleBrick adds LLM / AI Security coverage with 18 adversarial probe types across Quick, Standard, and Deep tiers. You lose Pynt-specific report layouts and any proprietary tuning, and you will no longer use Pynt’s scanner engine. You gain OpenAPI spec parsing with recursive $ref resolution, cross-referenced runtime findings, and integrations that include an MCP server, web dashboard with score trends, and signed webhooks for automated tooling.

Compliance mapping and ongoing operations

middleBrick maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023). For other frameworks, it helps you prepare for audits by supporting evidence collection through surfaced findings and configurable reports. In production, use continuous monitoring to schedule rescans, review diffs for new and resolved findings, and manage alerts via email or HMAC-SHA256 signed webhooks; a webhook is disabled automatically after repeated delivery failures.
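A receiver for HMAC-SHA256 signed webhooks of the kind described above, as an added example that is not middleBrick's own code; the header name, hex encoding, and sample payload are assumptions, since this page does not specify the delivery format.

```python
import hashlib
import hmac

# Assumed header name and hex encoding; the page does not describe
# middleBrick's actual webhook format, so adjust to the documented one.
SIGNATURE_HEADER = "X-Signature"


def compute_signature(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, body: bytes, headers: dict) -> bool:
    """Return True only if the body's HMAC matches the presented header.

    The MAC is computed over the raw bytes, never over a re-serialised
    JSON object, so whitespace or key-order differences cannot break a
    valid signature, and the comparison is constant-time so a forged
    value cannot be refined byte by byte from timing differences.
    """
    presented = headers.get(SIGNATURE_HEADER)
    if not presented:
        return False  # unsigned delivery: treat as untrusted, do not act on it
    expected = compute_signature(secret, body)
    return hmac.compare_digest(expected, presented.strip().lower())


# Constructed sample delivery for the demo; not a real middleBrick payload.
SECRET = b"constructed-shared-secret"
BODY = b'{"event":"scan.completed","score":82,"new_findings":1}'


def demo() -> tuple:
    """Genuine delivery, tampered body with the old signature, and no signature."""
    good = {SIGNATURE_HEADER: compute_signature(SECRET, BODY)}
    tampered_body = BODY.replace(b'"score":82', b'"score":100')
    return (
        verify_webhook(SECRET, BODY, good),
        verify_webhook(SECRET, tampered_body, good),
        verify_webhook(SECRET, BODY, {}),
    )


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Only a delivery that passes this check should be allowed to open tickets or gate a pipeline; everything else is logged and dropped.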

Frequently Asked Questions

Can I import Pynt scan JSON directly into middleBrick?
No, middleBrick does not accept Pynt export files. Reconstruct history by mapping exported findings to middleBrick categories and storing them in your own tracking system.

Will my existing GitHub Action workflows break during migration?
They will continue to run if unchanged. Update workflows to call the middleBrick CLI or API, validate thresholds, and use feature flags to control rollout without disrupting production gates.

Does middleBrick perform active exploitation like SQL injection?
No. middleBrick is read-only and does not send destructive payloads, active SQL injection, or blind SSRF probes.

How are false positives handled?
middleBrick surfaces findings with remediation guidance. You tune scope and authenticated scan settings, and use diff detection across scans to distinguish true positives from noise.

Can I retain long-term scan data after canceling?
Customer data is deletable on demand and purged within 30 days of cancellation. It is never sold or used for model training.