Continuous security testing
One of the best ways to stop wondering about the security of your API is to set up security scans in your continuous delivery tools.
Just as applications are now automatically deployed by CI/CD pipelines, you can bullet-proof your GraphQL application before it even reaches a production environment.
CI/CD security testing tools
graphql.security is a free, quick GraphQL security testing tool that lets you assess the most common vulnerabilities in your application.
Escape is a GraphQL security SaaS platform that runs a DAST (dynamic application security testing) tool on your API directly from a CI/CD environment.
This platform can be easily integrated into your existing CI/CD pipeline (GitHub Actions, GitLab CI, etc.).
Security alerts will be directly reported in your CI/CD platform, making it faster than ever to address them.