API definition scan

Prisma Cloud scans the API definition files and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats.
You can use the following methods to scan an API definition file:
  • Upload API definition file to Console
  • Run twistcli, a CLI tool aimed for CI/CD. Twistcli scans the API definition file and returns a full report with issues.
  • Import an OpenAPI definition file into a WAAS app: When you import an OpenAPI definition file into a WAAS app, the Console automatically scans for issues. You can view the full report of the scan by navigating to
    API definition scan

twistcli reference for scanning API definition files

Run the following command:
$ ./twistcli waas openapi-scan </path/to/file/example.yaml>
twistcli waas openapi-scan [command options] [arguments...]
  • address value: Prisma Cloud Console URL. This is the value twistcli uses to connect to Console (required) (default: "")
  • exit-on-error: Immediately exits scan if an error is encountered (not supported with --containerized)
  • password value, -p value: Password for authenticating with Prisma Cloud Console. For Prisma Cloud Enterprise Edition, specify the secret key associated with the access key ID passed to --user [$TWISTLOCK_PASSWORD]
  • project value: Target pr