Skip to main content
availability

Package: Invicti AppSec Core (on-demand)

MuleSoft Anypoint Exchange

Invicti AppSec Core can connect to MuleSoft Anypoint Exchange to automatically import Swagger 2, OpenAPI 3, and RAML API specifications into your API catalog. RAML specifications are converted to OpenAPI 2.x after import.

This document explains how to configure the Connected Apps permissions in MuleSoft and set up the source in Invicti AppSec Core.

Why this matters

MuleSoft Anypoint Exchange is where your integration and API teams publish and manage API specifications. Connecting it to Invicti AppSec Core means those specifications flow directly into your API catalog, so security scanning keeps pace with your development without requiring manual uploads.

Prerequisites

Before you begin, make sure you have a MuleSoft Anypoint Exchange account with API specification files. The Connected App used for authentication requires the following scopes:

  • Exchange Viewer
  • Profile
  • Background Access (for refresh token support)

Step 1: Configure the API source in Invicti AppSec Core

  1. Select Discovery > API sources from the left-side menu.
  2. Click Add source.
  3. Select the MuleSoft source type card.
  4. Click Continue.
  5. Enter a name for the source.
  6. Click Authenticate and save. You're redirected to MuleSoft to sign in.
  7. In MuleSoft, sign in and click Grant access to authorize Invicti AppSec Core.

Step 2: Synchronize

To run an immediate sync, click the sync icon next to the source on the API sources page. Imported specifications appear in your API catalog and can be linked to targets for DAST scanning.

Invicti AppSec Core automatically synchronizes with MuleSoft Anypoint Exchange every 24 hours. You can trigger a manual sync or turn off auto-sync using the toggle on the source.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?