Documentation
Golden path: convert → harden → lint → ci/gate → upload to Tenable WAS.
FroggerAPI is a validated handoff between development and security for API scanning. CI integration is optional—most teams use Frogger to keep Tenable scan inputs accurate and current.
Client Integration
FroggerAPI is designed for API-key–based automation. No login, no UI dependencies, no JWT handling required.
Quickstart
Prefer running real requests instead of reading docs? Use our Postman Collection or copy-paste curl examples.
Import the environment first, set your API key, then run the collection.
Security team workflow (recommended)
Dev teams submit a Postman collection or an OpenAPI spec. Frogger validates, normalizes, and versions the spec. Security uses the latest approved spec to configure Tenable WAS scans.
- Dev teams don’t need Tenable access
- Security gets consistent, scan-ready inputs
- Spec history + diffs + audit trail (Pro)
Onboarding 7 dev teams
A practical guide for security teams managing Postman/OpenAPI submissions across multiple dev teams.
- What to require from dev teams (and why)
- Avoid low-coverage scans & noisy findings
- Tenable auth tips (POST-only API guidance)
Why FroggerAPI exists
Most security teams don’t struggle with running Tenable WAS. They struggle with getting accurate, current API definitions to scan.
- Email is not a system of record
- Specs drift quietly over time
- Bad inputs produce bad scans
CI integration (optional)
Add FroggerAPI checks into CI if you want early visibility or a quality gate. This is not required for the security workflow.
- Copy/paste curl one-liner
- GitHub Actions + GitLab CI examples
- HTTP 422 semantics for gating
API reference
Endpoint details, parameters, and response schemas.
- Swagger / OpenAPI
- Request & response models
Tenable WAS guide
Practical guidance for configuring Tenable WAS API scans with OpenAPI.
- Importing OpenAPI into scan policies
- Keeping scan inputs current
- Common pitfalls and tips