[External Plugin]: Add 42Crunch API Security Testing plugin

[heshaam-42c]

Plugin name

42crunch-api-security-testing

Short description

Catch API security issues during development: audit, scan, remediate, validate with AI guardrails in GitHub Copilot.

GitHub repository

42Crunch-AI/copilot-plugins

Plugin path inside the repository

plugins/42crunch-api-security-testing

Ref to review

v1.0.6

Commit SHA to review

02ca9653346f6cd9bb8094240de0a925a53c101f

Version

1.0.6

License identifier

MIT

Author name

42Crunch

Author URL

https://github.com/42Crunch

Homepage URL

https://42crunch.com

Keywords

openapi
api-security
audit
scan
remediation
vulnerability
compliance
owasp
ai
devsecops

Additional notes for reviewers

Previously had opened PR-1658 to add the 42Crunch API Security Testing plugin to github/awesome-copilot. But, since we already maintain the plugin in a public repo here, I have opened this new external plugin request.

Submission checklist

• The plugin lives in a public GitHub repository.
• The ref and/or sha I provided is immutable (release tag and/or full 40-character commit SHA), not a branch.
• This submission follows this repository's contribution, security, and responsible AI policies.
• This plugin is not already listed in the Awesome Copilot marketplace.

[github-actions]

✅ External plugin intake passed

This submission passed automated intake validation and quality checks and is ready for maintainer review.

• Plugin: 42crunch-api-security-testing
• Repository: https://github.com/42Crunch-AI/copilot-plugins
• Ref: v1.0.6
• SHA: 02ca9653346f6cd9bb8094240de0a925a53c101f

Quality gate summary

Gate	Status
skill-validator	pass
install smoke test	pass

• skill-validator: pass
• install smoke test: pass
• overall: pass

skill-validator output

Found 6 skill(s)
[code-to-oas] 📊 code-to-oas: 4,540 BPE tokens [chars/4: 4,331] (standard ~), 31 sections, 5 code blocks
[code-to-oas]    ⚠  Skill is 4,540 BPE tokens (chars/4 estimate: 4,331) — approaching "comprehensive" range where gains diminish.
[42crunch-api-security-testing] 📊 42crunch-api-security-testing: 2,120 BPE tokens [chars/4: 2,169] (detailed ✓), 4 sections, 2 code blocks
[42crunch-scan] 📊 42crunch-scan: 1,525 BPE tokens [chars/4: 1,580] (detailed ✓), 4 sections, 2 code blocks
[postman-to-oas] 📊 postman-to-oas: 5,322 BPE tokens [chars/4: 5,332] (comprehensive ✗), 50 sections, 12 code blocks
[postman-to-oas]    ⚠  Skill is 5,322 BPE tokens (chars/4 estimate: 5,332) — "comprehensive" skills hurt performance by 2.9pp on average. Consider splitting into 2–3 focused skills.
[42crunch-audit] 📊 42crunch-audit: 1,034 BPE tokens [chars/4: 1,030] (detailed ✓), 3 sections, 1 code blocks
[42crunch-setup] 📊 42crunch-setup: 1,680 BPE tokens [chars/4: 1,637] (detailed ✓), 16 sections, 5 code blocks
✅ All checks passed (6 skill(s))

Install smoke test output

Install smoke test succeeded. Verified /tmp/external-plugin-quality-EjYCd5/copilot-home/.copilot/installed-plugins/external-plugin-intake/42crunch-api-security-testing/.github/plugin/plugin.json.

Canonical external.json payload

{
  "name": "42crunch-api-security-testing",
  "description": "Catch API security issues during development: audit, scan, remediate, validate with AI guardrails in GitHub Copilot.",
  "version": "1.0.6",
  "author": {
    "name": "42Crunch",
    "url": "https://github.com/42Crunch"
  },
  "repository": "https://github.com/42Crunch-AI/copilot-plugins",
  "homepage": "https://42crunch.com",
  "license": "MIT",
  "keywords": [
    "openapi",
    "api-security",
    "audit",
    "scan",
    "remediation",
    "vulnerability",
    "compliance",
    "owasp",
    "ai",
    "devsecops"
  ],
  "source": {
    "source": "github",
    "repo": "42Crunch-AI/copilot-plugins",
    "path": "plugins/42crunch-api-security-testing",
    "ref": "v1.0.6",
    "sha": "02ca9653346f6cd9bb8094240de0a925a53c101f"
  }
}

View workflow run

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake

[heshaam-42c]

/rerun-intake