| title | scan openapi |
|---|---|
| description | Scan all endpoints defined in an OpenAPI specification. |
Load an OpenAPI specification (local file or remote URL) and run security scans against every operation it defines.
vulnapi scan openapi <PATH_OR_URL> [flags]| Flag | Default | Description |
|---|---|---|
--security-schemes <name=value> |
`` | Override the token value for a named security scheme (repeatable) |
Also accepts all common flags.
A token piped via stdin is used as the default value for all security schemes that accept a bearer token. Named overrides from --security-schemes take precedence.
echo "<token>" | vulnapi scan openapi ./openapi.jsonLocal spec with a token piped via stdin
echo "<token>" | vulnapi scan openapi ./openapi.jsonRemote spec with a token piped via stdin
echo "<token>" | vulnapi scan openapi https://api.example.com/.well-known/openapi.jsonNamed security scheme override
vulnapi scan openapi ./openapi.json --security-schemes bearerAuth=<token>Multiple scheme overrides
vulnapi scan openapi ./openapi.json \
--security-schemes bearerAuth=<token> \
--security-schemes apiKey=<key>| Code | Meaning |
|---|---|
0 |
Scan completed successfully |
1 |
Fatal error (invalid spec, network failure, etc.) |
When a finding exceeds --severity-threshold, additional output is written to stderr. See exit behaviour.