Ensure that security operations is not empty

Error: Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error
Bridgecrew Policy ID: BC_OPENAPI_5
Checkov Check ID: CKV_OPENAPI_5
Severity: HIGH

Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error

Description

The security section of the operation path applies an authentication method to that operation. Leaving it blank implies an exposed API without authentication.

Fix

Ensure that you have an authentication type in the security section of your path. For example:

paths:
  "/":
    get:
      operationId: id
      summary: example
-     security: []
+     security:
+       - OAuth2:
+           - write

Did this page help you?