Hi Chanaka, On Mon, Jul 29, 2019 at 11:04 AM Chanaka Fernando <[email protected]> wrote:
> > - According to the diagram, we integrate with this 42Crunch security > audit platform at the time of the "design" phase. Based on our current > implementation, at the "Design" phase, we have not added security, > throttling, mediation or endpoint security capabilities into the API. If we > go down the path of "Creating an API from Scratch", we only have the > information like API name, context, methods, versioning, etc. at the design > phase. At this point, doing an audit on security, transports would be > premature since we haven't enabled them yet. Could you please explain the > reasoning behind this? > > With regards to this concern, the Security Audit feature will be accessible to the user not at the creation of the API but at any stage afterward when the user needs to edit the definition of the API. In the new API Manager (v.3.0) we don't need to worry about the wizard, specifically, the Design, Implement and Manage tabs when creating an API because, in the new version, API creation is made to have a minimalistic design for the user to easily create an API. There is a separate section named "API Definition" after API creation where the Security Audit feature will be accessible. > > - With the new microgateway and CI/CD based approaches, having a > similar capability through our CLI tool would be a great feature to have. > Do we have any plans on integrating this capability into our CLI tool? > > When it comes to the possibility of having a similar capability through the CLI tool as the report is mainly UI based, certain adaptations and dropping of incompatible features will have to be performed in order to do such an integration. Thanks, Sanjula -- *Sanjula Madurapperuma* | Software Engineering Intern | WSO2 Inc. (m) +94 768877766 | (e) [email protected] <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
