Ensure that security operations is not empty
Error: Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error
Bridgecrew Policy ID: BC_OPENAPI_5
Checkov Check ID: CKV_OPENAPI_5
Severity: HIGH
Description
The security section of the operation path applies an authentication method to that operation. Leaving it blank implies an exposed API without authentication.
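The check described above, as an added example (not Checkov's own implementation and not code from the original page): it walks the operations of a parsed OpenAPI document and reports each one whose security object is defined but requires no scheme. The sample spec and the function name find_unauthenticated_operations are constructed for illustration, and treating an empty requirement object ({}) as a finding goes beyond the rule text on this page.

```python
import json

# HTTP methods that can carry an Operation Object under a path item.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample spec for this example (not taken from any real API).
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "paths": {
    "/": {
      "get":  {"operationId": "id", "security": []},
      "post": {"operationId": "create", "security": [{"OAuth2": ["write"]}]},
      "put":  {"operationId": "replace", "security": [{"OAuth2": ["write"]}, {}]}
    },
    "/health": {"get": {"operationId": "health"}}
  }
}
""")


def find_unauthenticated_operations(spec):
    """Return (path, method, reason) for each operation whose security
    object is defined but does not require any security scheme."""
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue
            if "security" not in op:
                # Not defined: the operation inherits the top-level security,
                # which is outside the rule stated on this page.
                continue
            requirements = op["security"]
            if not requirements:
                findings.append((path, method, "empty security list"))
            elif isinstance(requirements, list) and any(not r for r in requirements):
                # Requirements are alternatives, so one {} permits anonymous calls.
                findings.append((path, method, "empty requirement object"))
    return findings


if __name__ == "__main__":
    for finding in find_unauthenticated_operations(SAMPLE_SPEC):
        print(*finding)
```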
Fix - Buildtime
OpenAPI
Ensure that you have an authentication type in the security section of your path. For example:
paths:
"/":
get:
operationId: id
summary: example
- security: []
+ security:
+ - OAuth2:
+ - write
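Review bot: the added security requirement names OAuth2 with the scope write, but nothing in the snippet shows where that scheme is declared. The name only takes effect if it matches a scheme defined in the same document (components.securitySchemes in OpenAPI 3, securityDefinitions in Swagger 2), and the scope should be one that scheme lists. Consider showing that definition next to the fix, or stating that OAuth2 stands for a scheme the spec already defines.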