Ensure that the global security field has rules defined
Error: Security object needs to have defined rules in its array and rules should be defined in the securityScheme
Bridgecrew Policy ID: BC_OPENAPI_4
Checkov Check ID: CKV_OPENAPI_4
Severity: HIGH
Security object needs to have defined rules in its array and rules should be defined in the securityScheme
Description
OpenAPI uses security schemes to reference authentication and authorization schemes. Your APIs should have authentication schemes in place and documented in the OpenAPI specification, as well as applied to individual operations or the whole API in the security details.
Fix - Buildtime
OpenAPI
Ensure that you have a securityScheme component and application. For example:
components:
+ securitySchemes:
+ basicAuth:
+ type: http
+ scheme: basic
security:
+ - basicAuth: []
Updated 11 months ago