RepoGEO

REPOGEO REPORT · LITE

OWASP/crAPI

Default branch develop · commit 73d309cc · scanned 5/26/2026, 11:41:36 PM

GitHub: 1,513 stars · 571 forks

AI VISIBILITY SCORE
  • Score: 35 / 100 (Critical)
  • Category recall: 0 / 2 (Not recommended in any query)
  • Rule findings: 1 pass · 1 warn · 0 fail (Objective metadata checks)
  • AI knows your name: 3 / 3 (Direct prompts that named your repo)

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface OWASP/crAPI, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION
  • high · homepage · #1
    Add a homepage URL to the repository

    Why:

    COPY-PASTE FIX
    https://owasp.org/www-project-crapi/
  • high · topics · #2
    Refine repository topics for better categorization

    Why:

    CURRENT
    api, apisecurity, hacktoberfest, owasp
    COPY-PASTE FIX
    api, apisecurity, owasp, vulnerable-api, security-training, microservices, docker
  • medium · readme · #3
    Explicitly mention 'OWASP API Security Top 10' in the README's opening

    Why:

    CURRENT
    **c**ompletely **r**idiculous **API** (crAPI) will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.
    COPY-PASTE FIX
    **c**ompletely **r**idiculous **API** (crAPI) is an intentionally vulnerable application designed to help you understand and test against the **OWASP API Security Top 10** risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself.

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?


  • Recall: 0 / 2 (0% of queries surface OWASP/crAPI)
  • Avg rank: lower is better. #1 = top recommendation.
  • Share of voice: 0% (Of all named tools, what % are you?)
  • Top rival: bkimminich/juice-shop (recommended in 1 of 2 queries)

COMPETITOR LEADERBOARD
  1. bkimminich/juice-shop · recommended 1×
  2. WebGoat/WebGoat · recommended 1×
  3. ethicalhack3r/DVWA · recommended 1×
  4. erev0s/VAmPI · recommended 1×
  5. apisecurity/APISecurity.io · recommended 1×
  • CATEGORY QUERY
    What are some intentionally vulnerable APIs for practicing common security exploits and training?
    you: not recommended
    AI recommended (in order):
    1. OWASP Juice Shop (bkimminich/juice-shop)
    2. OWASP WebGoat (WebGoat/WebGoat)
    3. DVWA (Damn Vulnerable Web Application) (ethicalhack3r/DVWA)
    4. VAmPI (Vulnerable API) (erev0s/VAmPI)
    5. API Security Project (APISecurity.io) (apisecurity/APISecurity.io)
    6. Mutillidae II (webpwnized/mutillidae)
    7. Hack The Box (HTB) Labs

    AI recommended 7 alternatives but never named OWASP/crAPI. This is the gap to close.

  • CATEGORY QUERY
    Need a platform to understand and test against the OWASP Top 10 API security risks.
    you: not recommended
    AI recommended (in order):
    1. OWASP Juice Shop
    2. OWASP API Security Top 10 Project
    3. Postman
    4. Newman
    5. Burp Suite
    6. ZAP
    7. APIsec
    8. Tricentis qTest
    9. Tosca

    AI recommended 9 alternatives but never named OWASP/crAPI. This is the gap to close.


Objective checks

Rule-based audits of metadata signals AI engines weight most.

  • Metadata completeness
    warn

    Suggestion:

  • README presence
    pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

  • Compared to common alternatives in this category, what is the core differentiator of OWASP/crAPI?
    pass
    AI named OWASP/crAPI explicitly

    AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

  • If a team adopts OWASP/crAPI in production, what risks or prerequisites should they evaluate first?
    pass
    AI named OWASP/crAPI explicitly

  • In one sentence, what problem does the repo OWASP/crAPI solve, and who is the primary audience?
    pass
    AI named OWASP/crAPI explicitly

Embed your GEO score

Drop this badge into the README of OWASP/crAPI. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

MARKDOWN (README)
[![RepoGEO](https://repogeo.com/badge/OWASP/crAPI.svg)](https://repogeo.com/en/r/OWASP/crAPI)
HTML
<a href="https://repogeo.com/en/r/OWASP/crAPI"><img src="https://repogeo.com/badge/OWASP/crAPI.svg" alt="RepoGEO" /></a>