Ensure that the global security field has rules defined

Error: Security object needs to have defined rules in its array and rules should be defined in the securityScheme
Bridgecrew Policy ID: BC_OPENAPI_4
Checkov Check ID: CKV_OPENAPI_4
Severity: HIGH

Security object needs to have defined rules in its array and rules should be defined in the securityScheme

Description

OpenAPI uses security schemes to reference authentication and authorization schemes. Your APIs should have authentication schemes in place and documented in the OpenAPI specification, as well as applied to individual operations or the whole API in the security details.

Fix

Ensure that you have a securityScheme component and application. For example:

components:
+  securitySchemes:
+    basicAuth:
+      type: http
+      scheme: basic

security:
+  - basicAuth: []

Did this page help you?