Nathan

The first open-source, CI/CD-integrated API security testing tool

Hello Community!
I look forward to hearing your thoughts and getting your feedback on this. 🙏
Today we released v0.7 of Cherrybomb, and I want to tell you about the new features and the new integrations it brings.

What is Cherrybomb? And how does it work?

Cherrybomb is our open-source tool that validates your OpenAPI specification (OAS). It is designed for use with popular CI/CD tools such as Jenkins and Travis CI.
It is easy to use, and by integrating with those tools it provides a complete API security testing step inside your pipeline.

  • Active Check
    The active module takes our API testing a step further. Instead of only statically auditing your OAS file (which is what the passive module does), it exercises the API itself by sending requests and analyzing the responses. It checks that the running API behaves as the OAS file specifies and probes it for common security vulnerabilities.

  • Passive Check
    Cherrybomb reads your API spec file (OpenAPI Specification), validates it against best practices, and discovers common API design flaws. No request is sent to the API in this mode; everything is derived from the spec alone.

Cherrybomb also produces Endpoint and Parameter tables that inventory your entire API, sorted and indexed by different keys.
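To make concrete what the two modules look for, here is a small added illustration in Python. It is my own example, not Cherrybomb's code, and it does not show Cherrybomb's real rule set. A passive pass over a constructed OpenAPI 3 document flags flaws visible in the spec alone (plaintext server URL, operations with no security requirement, authenticated operations that never document a 401/403, parameters without a schema); an active pass then sends requests through a pluggable transport and compares what comes back with what the spec promises (undocumented status codes, and a 2xx from a secured operation when no credentials are sent). The spec, the fake server, and the specific rules are all assumptions made for the example.

```python
"""Toy passive + active OpenAPI checks (added illustration, not Cherrybomb code)."""
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlparse

# Constructed OpenAPI 3 document with a few deliberate design flaws.
SPEC = {
    "openapi": "3.0.3",
    "servers": [{"url": "http://api.example.test"}],  # plaintext transport
    "paths": {
        "/users": {
            "get": {
                "security": [{"bearerAuth": []}],
                "parameters": [{"name": "limit", "in": "query"}],  # no schema
                "responses": {"200": {"description": "ok"}},  # 401/403 undocumented
            }
        },
        "/admin/reset": {
            "post": {"responses": {"200": {"description": "ok"}}}  # no security at all
        },
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def operations(spec):
    """Yield (location, method, path, operation object) for every path/method pair."""
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS:
                yield f"{method.upper()} {path}", method, path, op


def passive_checks(spec) -> List[str]:
    """Static audit: rules that need only the spec, no network access."""
    findings = []
    for server in spec.get("servers", []):
        if urlparse(server.get("url", "")).scheme == "http":
            findings.append(f"server {server['url']}: plaintext HTTP")
    global_security = spec.get("security")
    for loc, _method, _path, op in operations(spec):
        # An operation-level `security: []` explicitly opts out, so treat it as absent.
        if not op.get("security", global_security):
            findings.append(f"{loc}: no security requirement")
        elif not {"401", "403"} & set(op.get("responses", {})):
            findings.append(f"{loc}: authenticated but no 401/403 response documented")
        for param in op.get("parameters", []):
            if "schema" not in param and "content" not in param:
                findings.append(f"{loc}: parameter '{param.get('name')}' has no schema")
    return findings


Response = Tuple[int, str]  # (status code, Content-Type)
Transport = Callable[[str, str, Dict[str, str]], Response]


def active_checks(spec, send: Transport) -> List[str]:
    """Dynamic audit: exercise each operation and compare the live API with the spec."""
    findings = []
    global_security = spec.get("security")
    for loc, method, path, op in operations(spec):
        documented = set(op.get("responses", {}))
        status, _ctype = send(method, path, {"Authorization": "Bearer test-token"})
        if str(status) not in documented and "default" not in documented:
            findings.append(f"{loc}: undocumented status {status}")
        if op.get("security", global_security):
            # Spec says credentials are required: a 2xx without any is broken auth.
            status, _ctype = send(method, path, {})
            if 200 <= status < 300:
                findings.append(f"{loc}: secured in spec but 2xx without credentials")
    return findings


def fake_server(method: str, path: str, headers: Dict[str, str]) -> Response:
    """Constructed stand-in for a live API so the example runs offline.
    A real transport would issue HTTP requests (e.g. with urllib or requests)."""
    if (method, path) == ("get", "/users"):
        return 200, "application/json"  # never looks at the Authorization header
    if (method, path) == ("post", "/admin/reset"):
        return 500, "text/plain"  # status the spec does not document
    return 404, "text/plain"


if __name__ == "__main__":
    for finding in passive_checks(SPEC) + active_checks(SPEC, fake_server):
        print(finding)
```

The split mirrors the two modules described above: `passive_checks` can run on every commit with no deployed API, while `active_checks` needs a reachable target and is the one that catches the broken-authentication case, which a spec alone can never reveal.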

Why use it?

API security testing can save you time and money by helping you find and fix vulnerabilities in your code before they are exploited; I wrote a separate article about that.
It also helps you ensure that your API complies with industry standards and best practices.

How do I get started?

There are two ways you can use Cherrybomb:

  • You can embed it into your CI pipeline. If you plan on doing that, I recommend going to our website, signing up, going through the CI pipeline integration builder, and copying the Groovy (Jenkins) or GitHub Actions snippet it builds for you.

  • You can download it and try it out locally. Note that the install script is piped straight into bash, so download and read it first if that concerns you. The -f argument is the path to your own OpenAPI spec file:

    curl https://cherrybomb.blstsecurity.com/install | /bin/bash && cherrybomb oas -f "home/Documents/file_openapi.json"

What does this mean for the future of API development?

Making security testing a routine step in the pipeline raises the baseline level of security for all APIs. In the longer term, we can expect more APIs to be developed with security built in from the start, which helps protect the data and systems they interact with.

I hope you enjoyed reading my article. If you have ideas or questions, feel free to ask in the comments :)

💪 We are looking for contributors for Cherrybomb, together we can make API security easier and affordable for everyone.

If you're looking for a new open-source API security testing tool for CI/CD, look no further! We've got just the thing.
Star Cherrybomb, and if you have questions or ideas, join our Discord server.
