How to Optimize 42Crunch Conformance Scans for Individual API Endpoints?


We are using 42Crunch for API security conformance scans, and we’re facing several challenges that are impacting our efficiency. Currently, our 42Crunch setup requires uploading a Swagger / OpenAPI 3 JSON configuration to a central server for each scan, which is time-consuming and cumbersome, especially given the number of endpoints we have. Here’s a summary of the issues we’re facing:

Centralized Scans: Every conformance scan requires uploading our JSON to a central server, which is not ideal for quick testing and iterations.

Whole API Scanning: The tool scans all API endpoints each time, but I can only fix them one at a time. For an application with 100+ endpoints, the number of cycles required to address each issue individually is overwhelming.

Understanding Scan Reports: Developers often struggle to understand the scan reports, and since they need to upload changes and re-run the entire scan just to test fixes, this slows down the troubleshooting and fixing process.

We’re looking for a more efficient approach to manage these scans:

Is there a way to configure 42Crunch to allow scans of individual endpoints directly from a developer’s local machine?

Can we perform these tests without needing to upload to the central server each time?

Are there practices or tools within the 42Crunch ecosystem that support a more iterative, endpoint-specific testing approach?

Any guidance on how to streamline this process, or insights into configuring 42Crunch for more localized, faster testing cycles would be greatly appreciated.

Thank you in advance for your help!
