APICheck is an HTTP API DevSecOps toolset, it integrates existing HTTP APIs tools, creates execution chains easily and is designed for integration with third-party tools in mind.
APICheck is comprised of a set of tools that can be connected to each other to achieve different functionalities, depending on how they are connected. It allows you to create execution chains and it can not only integrate self-developed tools but also can leverage existing tools in order to take advantage of them to provide new functionality.
Each tool in APICheck is a Docker image. This means that tools are a black box that could receive some information into its standard input and write results to the standard or error outputs. Additionally, the return code can be used to stop the current chain.
Who is APICheck HTTP API DevSecOps Toolset for?
APICheck focuses not only in the security testing and hacking use cases, the goal of the project is to become a complete toolset for DevSecOps cycles. The tools are aimed to different user profiles:
- Developers
- System Administrators
- Security Engineers & Penetration Testers
To allow interoperability among commands and tools, all of them share a common JSON data format. In other words, APICheck commands output JSON documents, and accept them as input, too. This allows you to build pipelines (as we showed in the previous section).
Using APICheck HTTP API DevSecOps Toolset
Once installed, you can run the Package Manager by using the command acp.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
$ acp Usage: acp [-h] [-w] {list,info,install,version} ... APICheck Manager positional arguments: {list,info,install,version} available actions list search in A info show expanded tool info install install an APICheck tool version displays version optional arguments: -h, --help show this help message and exit -w, --disable-warning disable check of RC Shell File |
You can download APICheck here:
1 |
pip install apicheck-package-manager |
Or read more here.