Product
What is Dino?
Dino is an API quality platform with twelve autonomous agents that test, document, and monitor REST and GraphQL APIs. It scans for security vulnerabilities, validates responses against OpenAPI specs, tests RBAC authorization matrices, and integrates into CI/CD pipelines with a single command: dino scan --fail-on-high.
Key capabilities
- Nineteen fuzz strategies across six attack surfaces
- RBAC matrix testing for every mutation across auth states
- OpenAPI 3.0 and 3.1 response validation
- CI/CD gate with --fail-on-high for merge protection
- Twelve autonomous agents covering security, correctness, documentation, and more
Who uses Dino
- Platform teams that need repeatable API gates on every pull request without slowing developers down.
- Security-minded engineers who want fuzzing and auth boundary checks without maintaining bespoke scripts per service.
- API owners who want documentation drift and schema mismatches caught before customers do.
How to get started
npm install -g @dino-hq/cli
echo "endpoint: https://your-api.com" > .dino.yml
dino scan
Requires Node.js 22 or newer.
FAQ
What is Dino in one sentence?
Dino is an API quality platform with twelve autonomous agents that test, document, and monitor REST and GraphQL APIs on every deploy, including security fuzzing, RBAC checks, and OpenAPI validation.
Is Dino only a security scanner?
No. Security is one dimension. Dino also checks correctness, documentation drift, performance signals, and lifecycle health so teams get one workflow instead of many disconnected tools.
Which API styles does Dino support?
REST with OpenAPI 3.0 and 3.1, plus GraphQL via introspection. Point Dino at your endpoint or spec and run dino scan.
How does Dino run in CI?
Install the CLI, commit a .dino.yml with your endpoint, then run dino scan --fail-on-high. The command exits non-zero when HIGH or CRITICAL findings appear so merges stay gated.
Does Dino need my production database?
No. Dino exercises your API from the outside using schema-driven tests. It does not read or store your production data.
How is Dino different from Postman?
Postman centers on human-driven requests and collections. Dino centers on autonomous checks that repeat on every deploy with consistent, deterministic output.
What does Shadow Mode mean?
Shadow Mode observes live traffic to build a baseline before Dino suggests fixes or takes automated action. It is designed to earn trust before it changes behavior.
Where do I install the CLI?
Run npm install -g @dino-hq/cli on macOS, Linux, or Windows with Node.js 22 or newer, then follow the install page for your first scan.