Ensure that if the security scheme is not of type 'oauth2', the array value must be empty

Error: If the security scheme is not of type 'oauth2', the array value must be empty
Bridgecrew Policy ID: BC_OPENAPI_2
Checkov Check ID: CKV_OPENAPI_2
Severity: HIGH

Ensure that if the security scheme is not of type 'oauth2', the array value must be empty

Description

Only OAuth 2.0 defined in the securityDefinitions section should have a value in the security section.

Fix

Ensure that your generated OpenAPI document does not include a security section for authentication types that are not OAuth 2.0. Below is an example:

securityDefinitions:
  some_auth:
    type: basic
- security:
-  - some_auth:
-      - write: some
-      - read: some

Did this page help you?