Native GraphQL Scanning for Snyk API & Web
Snyk API & Web now supports GraphQL as an API target type with security tests for queries and mutations. Schema ingestion is available via URL, file upload, or direct introspection endpoint fetching, with new authentication settings to support GraphQL targets.
We’ve expanded our DAST capabilities by adding GraphQL as a supported API target type in Snyk API & Web. This enables security tests specifically designed for GraphQL operations, including queries and mutations. In addition to schema ingestion via URL or file upload, you can now fetch your schema directly from an introspection endpoint to ensure tests stay up to date. To support these scans, we've also updated our authentication settings to include dedicated options for GraphQL targets.
Source: original entry ↗