Ensure that securityDefinitions is defined and not empty
Error: OpenAPI securityDefinitions is not defined or is empty
Bridgecrew Policy ID: BC_OPENAPI_1
Checkov Check ID: CKV_OPENAPI_1
Severity: HIGH
Description
securityDefinitions in OpenAPI/Swagger 2.0 files declares the security schemes (basic, apiKey, oauth2) that your API supports. An API that declares no scheme at all is exposed to unauthenticated access, and an API whose authentication is undocumented is harder to consume and to review correctly. Note that declaring a scheme does not apply it: a scheme only protects an operation when it is referenced from a top-level or per-operation security requirement, so an empty or missing securityDefinitions section means no operation can be protected by the spec at all.
Fix - Buildtime
OpenAPI
Ensure that your OpenAPI 2.0 spec includes a non-empty securityDefinitions section, and reference the declared schemes from a top-level or per-operation security requirement so they are actually enforced. For example:
```yaml
securityDefinitions:
  BasicAuth:
    type: basic
  ApiKeyAuth:
    type: apiKey
    in: header
    name: apiKey
  OAuth2:
    type: oauth2
    # accessCode (authorization-code) flow requires both authorizationUrl and tokenUrl;
    # the implicit flow takes authorizationUrl only, so tokenUrl would be invalid with it
    flow: accessCode
    authorizationUrl: https://swagger.io/api/oauth/dialog
    tokenUrl: https://swagger.io/api/oauth/token
    scopes:
      read: read
      write: write
```
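As an added example, not Checkov's own implementation of CKV_OPENAPI_1, the following Python script shows the logic the check applies (a Swagger 2.0 document must carry a non-empty securityDefinitions map) together with the caveat above: it also lists operations that declare no security requirement and inherit none, which a passing securityDefinitions section does nothing to protect. The function names `securitydefinitions_check` and `unprotected_operations` and the two embedded JSON specs are constructed for this example; they are not part of the page or the tool.

```python
import json

# Swagger 2.0 path-item keys that denote operations (everything else, e.g.
# "parameters", is metadata and carries no security requirement of its own).
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def securitydefinitions_check(spec: dict) -> tuple[bool, str]:
    """Re-implementation (not Checkov's code) of the CKV_OPENAPI_1 rule:
    pass only if a Swagger 2.0 document declares a non-empty securityDefinitions map.
    OpenAPI 3.x documents keep schemes under components.securitySchemes instead,
    so the rule is skipped for them."""
    if str(spec.get("swagger", "")) != "2.0":
        return True, "not a Swagger 2.0 document; securityDefinitions check does not apply"
    defs = spec.get("securityDefinitions")
    if not isinstance(defs, dict) or not defs:
        return False, "securityDefinitions is not defined or is empty"
    return True, f"{len(defs)} security scheme(s) declared: {', '.join(sorted(defs))}"


def unprotected_operations(spec: dict) -> list[str]:
    """Caveat check: declaring schemes is not enforcement. Return every operation
    that has neither its own `security` requirement nor an inherited top-level one.
    An explicit `security: []` on an operation disables auth for it and is reported too."""
    top_level = spec.get("security")  # list of requirement objects, or None
    found = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue
            requirement = op.get("security", top_level)
            if not requirement:
                found.append(f"{method.upper()} {path}")
    return found


# Constructed sample input 1: no securityDefinitions at all -> the check fails.
FAILING_SPEC = json.loads("""
{"swagger": "2.0", "info": {"title": "orders", "version": "1"},
 "paths": {"/orders": {"get": {"responses": {"200": {"description": "ok"}}}}}}
""")

# Constructed sample input 2: schemes declared and applied globally via the
# top-level `security` list, except /health which explicitly opts out.
PASSING_SPEC = json.loads("""
{"swagger": "2.0", "info": {"title": "orders", "version": "1"},
 "securityDefinitions": {
   "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "apiKey"},
   "OAuth2": {"type": "oauth2", "flow": "accessCode",
              "authorizationUrl": "https://example.test/oauth/dialog",
              "tokenUrl": "https://example.test/oauth/token",
              "scopes": {"read": "read", "write": "write"}}},
 "security": [{"ApiKeyAuth": []}],
 "paths": {
   "/orders": {"get": {"responses": {"200": {"description": "ok"}}}},
   "/admin":  {"post": {"security": [{"OAuth2": ["write"]}],
                        "responses": {"200": {"description": "ok"}}}},
   "/health": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}}}}
""")

# Constructed sample input 3: the map exists but is empty, which the check also rejects.
EMPTY_DEFS_SPEC = {"swagger": "2.0", "securityDefinitions": {}, "paths": {}}


if __name__ == "__main__":
    for name, spec in [("failing", FAILING_SPEC), ("passing", PASSING_SPEC),
                       ("empty", EMPTY_DEFS_SPEC)]:
        ok, reason = securitydefinitions_check(spec)
        print(f"{name}: {'PASSED' if ok else 'FAILED'} - {reason}")
        for op in unprotected_operations(spec):
            print(f"  warning: {op} has no security requirement")
```

Run with `python3 check_securitydefinitions.py` (any filename works). The second spec passes the CKV_OPENAPI_1 logic yet still reports `GET /health` as unprotected, which is exactly why the description above says that declaring schemes and applying them are separate steps.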