Ensure that if the security scheme is not of type 'oauth2', the array value must be empty
Error: If the security scheme is not of type 'oauth2', the array value must be empty
Bridgecrew Policy ID: BC_OPENAPI_2
Checkov Check ID: CKV_OPENAPI_2
Severity: HIGH
Ensure that if the security scheme is not of type 'oauth2', the array value must be empty
Description
Only OAuth 2.0 defined in the securityDefinitions section should have a value in the security section.
Fix - Buildtime
OpenAPI
Ensure that your generated OpenAPI document does not include a security section for authentication types that are not OAuth 2.0. Below is an example:
securityDefinitions:
some_auth:
type: basic
- security:
- - some_auth:
- - write: some
- - read: some
Updated 11 months ago