
ApiPosture: Scan your APIs in seconds
2-min setup. 100% local analysis. OWASP & Secrets detection.
APIs are the #1 attack surface, but security shouldn't slow you down. ApiPosture is a developer-first static analysis tool that finds API misconfigurations in seconds: one line to install, one line to run. Built for modern stacks (Python, Node, .NET, Go, Java, PHP), it detects authorization gaps and OWASP Top 10 issues with zero false positives. The core CLI is open-source (MIT) and runs 100% locally; your code never leaves your machine. Shift left, automate your CI/CD, and fix API flaws before they hit production.
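The kind of "authorization gap" described above (a route handler with no auth guard) is something a static scanner can find without running the app. The following is an added example written for this page, not ApiPosture's own code: it parses a Flask-style module with Python's standard `ast` library, lists every route and flags handlers that carry no authorization decorator. The framework conventions it models (`@app.route`/`@app.get` registering routes, `@login_required` and friends marking a handler as protected), the decorator name set and the sample source are all assumptions constructed for illustration.

```python
"""Minimal static check for unauthenticated route handlers.

Added example, not ApiPosture's implementation. It only needs the
standard library: parse the source, find each route handler, then report
the ones without an authorization decorator.
"""
import ast
from dataclasses import dataclass

# Decorator names treated as "this handler is protected".
# Assumption for this example; a real scanner knows each framework's primitives.
AUTH_DECORATORS = {"login_required", "jwt_required", "require_auth"}

# Attribute names that register a route on an app/blueprint/router object.
ROUTE_METHODS = {"route", "get", "post", "put", "patch", "delete"}


@dataclass
class Endpoint:
    path: str
    methods: tuple
    handler: str
    line: int
    protected: bool


def _decorator_name(node):
    """Bare name of a decorator, e.g. 'login_required' or 'route'."""
    target = node.func if isinstance(node, ast.Call) else node
    if isinstance(target, ast.Attribute):
        return target.attr
    if isinstance(target, ast.Name):
        return target.id
    return None


def _route_info(node):
    """If the decorator registers a route, return (path, methods), else None."""
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Attribute):
        return None
    name = node.func.attr
    if name not in ROUTE_METHODS:
        return None
    path = None
    if node.args and isinstance(node.args[0], ast.Constant):
        path = node.args[0].value
    # @app.route defaults to GET; @app.post etc. imply their method.
    methods = ("GET",) if name == "route" else (name.upper(),)
    for kw in node.keywords:
        if kw.arg == "methods" and isinstance(kw.value, (ast.List, ast.Tuple)):
            methods = tuple(e.value for e in kw.value.elts if isinstance(e, ast.Constant))
    return path, methods


def find_endpoints(source):
    """Every decorated route handler in `source`, with its protection status."""
    endpoints = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        route, protected = None, False
        for dec in node.decorator_list:
            info = _route_info(dec)
            if info:
                route = info
            elif _decorator_name(dec) in AUTH_DECORATORS:
                protected = True
        if route:
            endpoints.append(Endpoint(route[0], route[1], node.name, node.lineno, protected))
    return endpoints


def unprotected(endpoints, public_paths=()):
    """Handlers with no auth decorator, minus an explicit allowlist of public paths."""
    return [e for e in endpoints if not e.protected and e.path not in public_paths]


# Constructed sample: three handlers, one intentionally left unguarded.
SAMPLE = '''
from flask import Flask
app = Flask(__name__)

@app.route("/health")
def health():
    return "ok"

@app.route("/users", methods=["GET", "POST"])
@login_required
def users():
    return "..."

@app.delete("/users/<int:uid>")
def delete_user(uid):
    return "deleted"
'''


def scan(source, public_paths=("/health",)):
    """(handler, path, methods, line) for each flagged endpoint."""
    return [(e.handler, e.path, e.methods, e.line)
            for e in unprotected(find_endpoints(source), public_paths)]


if __name__ == "__main__":
    for handler, path, methods, line in scan(SAMPLE):
        print(f"line {line}: {','.join(methods)} {path} ({handler}) has no auth decorator")
```

Only `delete_user` is reported: `/health` is allowlisted as public and `users` carries `@login_required`. The allowlist is the important design point; a scanner that flags every unguarded route drowns in noise on intentionally public endpoints, so the decision "this path is public on purpose" has to be recorded somewhere the scanner can read.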
Hey there!
Thanks for checking out our APIPosture launch on Product Hunt. My partner Blago and I go way back; we've worked on multiple projects together and kept running into the same problem: API security vulnerabilities.
It's built from scratch using, among others, .NET and Python, based on real-world API security challenges (see also Blago's story below). We recently tested an alpha version with a small group of developers, incorporated their feedback, and are now excited to launch on PH.
Setup is simple: run it locally or in CI, scan your code, get results. That's it. And importantly: your code never leaves your environment.
Curious how others are handling API checks today and, of course, what we can improve.
Feel free to reach out with any questions or feedback.
Hello everyone, super excited to have my first PH launch!
For a long time, even before AI came into play, I had a problem with visualizing all endpoints and their authorization rules. I mean, I had Swagger and OpenAPI, but I needed to go into each endpoint, one by one, to remember whether I had set a particular endpoint to be protected or not. So I built a tool that does exactly this, and I made it open-source.
But since it was super easy to install and scan in, like, a minute, I was wondering where I could go with this thing. That's when I started to work on Pro (OWASP and Secrets scanning) and the Enterprise version (compliance reports for SOC 2 or ISO 27001). The best thing: it still installs and scans in under 2 minutes, supporting over 10 frameworks spanning 6 programming languages. All scans are done 100% locally and will remain that way in the future.
And with the help of my partner Martijn, we are launching this thing with a great deal of excitement, even though this week some AI models claim to do security scanning; they still upload your entire codebase and cost something like $20,000 in tokens.
Drop a question if you have any inquiries about the products or the founders!