This Jenkins plugin lets you add automated static application security testing (SAST) of API contract files to your CI/CD runs.
API contracts must be in OpenAPI (aka Swagger) format. Both JSON and YAML files, and both OpenAPI v2 and v3, are supported.
The plugin uses 42Crunch Security Audit. Security Audit is a static analysis of the API definition that runs more than 200 checks on best practices and potential vulnerabilities in how the API defines authentication, authorization, transport, and the data coming in and going out. See the API Security Encyclopedia for details.
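As an added illustration (not the plugin's code, which this page does not show) of what a static check over an API contract looks like, the script below audits two of the property classes named above, transport and authentication, for both v2 (`swagger`) and v3 (`openapi`) documents. It assumes JSON input and a constructed sample contract; YAML files would need PyYAML's `yaml.safe_load`, left out so it runs with the standard library only.

```python
import json
from typing import Any, Dict, List

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def load_contract(text: str) -> Dict[str, Any]:
    """Parse a JSON OpenAPI document and reject anything that is neither v2 nor v3."""
    doc = json.loads(text)
    if "swagger" not in doc and "openapi" not in doc:
        raise ValueError("not an OpenAPI v2 (swagger) or v3 (openapi) document")
    return doc


def audit_contract(doc: Dict[str, Any]) -> List[str]:
    """Return findings for plaintext transport and operations with no auth requirement."""
    findings: List[str] = []
    if "swagger" in doc:  # v2 declares allowed transports in a top-level 'schemes' list
        if "http" in doc.get("schemes", []):
            findings.append("transport: 'http' listed in schemes")
    else:  # v3 declares one or more 'servers', each with a URL
        for server in doc.get("servers", []):
            url = server.get("url", "")
            if url.startswith("http://"):
                findings.append(f"transport: plaintext server URL {url}")

    # A top-level 'security' list applies to every operation that does not override it;
    # an operation-level 'security: []' explicitly switches authentication off.
    global_security = doc.get("security") or []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip 'parameters', 'summary', vendor extensions, etc.
            if not op.get("security", global_security):
                findings.append(f"authentication: {method.upper()} {path} has no security requirement")
    return findings


# Constructed sample contract (not a real API): plaintext server, one unprotected operation.
SAMPLE_V3 = json.dumps({
    "openapi": "3.0.0",
    "info": {"title": "demo", "version": "1"},
    "servers": [{"url": "http://api.example.test"}],
    "components": {"securitySchemes": {"bearer": {"type": "http", "scheme": "bearer"}}},
    "paths": {"/users": {
        "get": {"responses": {"200": {"description": "ok"}}},
        "post": {"security": [{"bearer": []}], "responses": {"201": {"description": "ok"}}},
    }},
})

if __name__ == "__main__":
    for finding in audit_contract(load_contract(SAMPLE_V3)):
        print(finding)
```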