Mulesoft
- 06 Mar 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Mulesoft
- Updated on 06 Mar 2023
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Traceable and Mulesoft are better together. Mulesoft is one of the most popular API gateways and customers use it as the entry point for all the incoming API calls. Traceable can leverage that and, based on the traffic that comes from Mulesoft, creates a security posture for our customers. You can install Traceable easily with Mulesoft in one of the following ways:
With Mulesoft, security engineers and architects can get a 360-degree view of APIs in their environment and their security posture. Some of the common features that customers benefit from are the following:
- API Governance – With Mulesoft and Traceable together, API governance becomes much richer. Traceable adds risk-based governance to the same APIs that are already managed by Mulesoft. Risk-based governance lets customers understand the vulnerabilities that are present in those APIs, sensitive data exposure, authentication weaknesses etc.
- Shadow APIs – Just like the concept of Shadow APIs in Traceable, a list of APIs can be exported to Mulesoft that are not currently managed by it. This will enhance visibility within Mulesoft and provide the gateway management teams and architects a clear line of sight to the APIs that need to be moved into Mulesoft.
- Policy Gaps – By fetching the configuration from Mulesoft and comparing it to the traffic received for shadow APIs, we can discover gaps such as lack of HTTPS enforcement.
- Conformance Analysis—Mulesoft already has Open API specs for APIs that are managed through the gateway. Conformance analysis can show deviation from the specs in Mulesoft based on live traffic and results exported to Mulesoft.
- API Ownership – We are already integrating (bidirectional) with CMDB and pulling in ownership information. APIs in Mulesoft can be annotated with that information so that Mulesoft administrators can understand who owns which APIs.
Was this article helpful?