Ensure that security requirements are defined in securityDefinitions
Error: Security requirement not defined in the security definitions
Bridgecrew Policy ID: BC_OPENAPI_6
Checkov Check ID: CKV_OPENAPI_6
Severity: HIGH
Security requirement not defined in the security definitions
Description
Each security requirement in the security section of a path or of the root should refer to an authentication scheme that is defined in the securityDefinitions section.
Fix - Buildtime
OpenAPI
Example:
...
security:
  - petstore_auth:
      - write:pets
      - read:pets
...
+  petstore_auth:
+    type: oauth2
+    authorizationUrl: http://swagger.io/api/oauth/dialog
+    flow: implicit
+    scopes:
+      write:pets: write
+      read:pets: read
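The check described above, as an added Python example (not Checkov's own implementation): it collects every scheme name used in a root-level or operation-level security requirement and reports those missing from securityDefinitions. The sample spec, the `/pets` path and the `api_key` scheme name are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def undefined_security_requirements(spec):
    """Return sorted (location, scheme) pairs that name a scheme missing
    from the Swagger 2.0 `securityDefinitions` section."""
    defined = set(spec.get("securityDefinitions") or {})
    findings = []

    def check(location, requirements):
        # `security` is a list of requirement objects: {scheme_name: [scopes]}
        for requirement in requirements or []:
            for scheme in requirement:
                if scheme not in defined:
                    findings.append((location, scheme))

    check("root", spec.get("security"))
    for path, item in (spec.get("paths") or {}).items():
        for method, operation in item.items():
            # Skip non-operation keys such as `parameters` or `$ref`
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"{method.upper()} {path}", operation.get("security"))
    return sorted(findings)

# Constructed sample: the root requirement matches the page's example, the
# operation-level `api_key` requirement is a hypothetical second violation.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "security": [{"petstore_auth": ["write:pets", "read:pets"]}],
  "paths": {
    "/pets": {"get": {"security": [{"api_key": []}]}}
  }
}
""")

# The definition the page's fix adds.
PETSTORE_AUTH = {
    "type": "oauth2",
    "authorizationUrl": "http://swagger.io/api/oauth/dialog",
    "flow": "implicit",
    "scopes": {"write:pets": "write", "read:pets": "read"},
}

if __name__ == "__main__":
    print(undefined_security_requirements(SAMPLE_SPEC))
    fixed = dict(SAMPLE_SPEC, securityDefinitions={"petstore_auth": PETSTORE_AUTH})
    print(undefined_security_requirements(fixed))
```

Applying the page's fix clears the root-level finding; the constructed operation-level requirement stays flagged until its own scheme is defined.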