
OpenAPI Security Definitions Object should be set and not empty

Description

Define the authentication types that your API supports in the securityDefinitions object of an OpenAPI/Swagger 2.0 specification. Not defining any authentication type leaves your API exposed to unauthenticated access, and not documenting the authentication type makes it harder for consumers to understand how to access your API. Note that securityDefinitions only declares the available schemes; a scheme protects nothing until it is referenced by a security requirement, either globally at the top level of the spec or on an individual operation.

Code Example

```yaml
securityDefinitions:
  BasicAuth:
    type: basic
  ApiKeyAuth:
    type: apiKey
    in: header        # apiKey schemes must state where the key is carried: header or query
    name: apiKey
  OAuth2:
    type: oauth2
    # accessCode is the Swagger 2.0 flow that uses both URLs; implicit takes only
    # authorizationUrl, and password/application take only tokenUrl.
    flow: accessCode
    authorizationUrl: https://swagger.io/api/oauth/dialog
    tokenUrl: https://swagger.io/api/oauth/token
    scopes:
      read: read
      write: write
```

Remediation

OpenAPI

Ensure that your OpenAPI 2.0 spec includes a non-empty securityDefinitions section, such as the one in the code example above, and apply the schemes it defines through a security requirement (a top-level security list, or a security list on each operation). Checkov reports CKV_OPENAPI_1 when the securityDefinitions object is absent or empty.
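The following is an added example, not Checkov's own implementation of CKV_OPENAPI_1. It evaluates a parsed Swagger 2.0 document (a Python dict, as yaml.safe_load or json.load would produce) and reports the condition this check expresses, a missing or empty securityDefinitions object, together with two things a reviewer wants alongside it: that each declared scheme carries the fields Swagger 2.0 requires for its type and flow, and that every declared scheme is actually referenced by a security requirement. The sample specs are constructed inline for illustration; GOOD_SPEC is based on the page's example, using the accessCode flow so that both URLs are valid.

```python
"""Check a Swagger 2.0 document for a missing or empty securityDefinitions object.

Added example; this is not Checkov's implementation of CKV_OPENAPI_1.
"""

# Fields Swagger 2.0 requires for each security scheme type.
_REQUIRED_BY_TYPE = {
    "basic": set(),
    "apiKey": {"name", "in"},
    "oauth2": {"flow", "scopes"},
}
# For oauth2 the required URL(s) depend on the flow.
_OAUTH2_FLOW_URLS = {
    "implicit": {"authorizationUrl"},
    "password": {"tokenUrl"},
    "application": {"tokenUrl"},
    "accessCode": {"authorizationUrl", "tokenUrl"},
}


def security_definitions_findings(spec: dict) -> list[str]:
    """Return a list of findings; an empty list means the spec passes.

    The first finding is the one CKV_OPENAPI_1 expresses (securityDefinitions must be
    present and non-empty). The later ones are extra checks on scheme well-formedness
    and on whether each scheme is applied through a `security` requirement.
    """
    findings = []
    if str(spec.get("swagger")) != "2.0":
        return ["not a Swagger 2.0 document (securityDefinitions only applies there)"]

    defs = spec.get("securityDefinitions")
    if not isinstance(defs, dict) or not defs:
        findings.append("securityDefinitions is missing or empty")
        return findings

    for name, scheme in defs.items():
        if not isinstance(scheme, dict):
            findings.append(f"{name}: scheme must be an object")
            continue
        stype = scheme.get("type")
        if stype not in _REQUIRED_BY_TYPE:
            findings.append(f"{name}: unknown type {stype!r}")
            continue
        missing = _REQUIRED_BY_TYPE[stype] - scheme.keys()
        if stype == "oauth2" and "flow" in scheme:
            flow = scheme["flow"]
            if flow not in _OAUTH2_FLOW_URLS:
                findings.append(f"{name}: unknown oauth2 flow {flow!r}")
            else:
                missing |= _OAUTH2_FLOW_URLS[flow] - scheme.keys()
        if stype == "apiKey" and scheme.get("in") not in ("header", "query"):
            findings.append(f"{name}: apiKey 'in' must be header or query")
        if missing:
            findings.append(f"{name}: missing {sorted(missing)}")

    # A declared scheme protects nothing until a security requirement references it.
    # An operation-level `security: []` explicitly disables security for that operation.
    referenced = set()
    for req in spec.get("security") or []:
        referenced.update(req.keys())
    for path_item in (spec.get("paths") or {}).values():
        for op in path_item.values():
            if isinstance(op, dict):
                for req in op.get("security") or []:
                    referenced.update(req.keys())
    for name in defs:
        if name not in referenced:
            findings.append(f"{name}: defined but never referenced by a security requirement")
    return findings


# Constructed sample based on the page's example, applied globally via `security`.
GOOD_SPEC = {
    "swagger": "2.0",
    "info": {"title": "demo", "version": "1"},
    "securityDefinitions": {
        "BasicAuth": {"type": "basic"},
        "ApiKeyAuth": {"type": "apiKey", "in": "header", "name": "apiKey"},
        "OAuth2": {
            "type": "oauth2",
            "flow": "accessCode",
            "authorizationUrl": "https://swagger.io/api/oauth/dialog",
            "tokenUrl": "https://swagger.io/api/oauth/token",
            "scopes": {"read": "read", "write": "write"},
        },
    },
    "security": [{"BasicAuth": []}, {"ApiKeyAuth": []}, {"OAuth2": ["read"]}],
    "paths": {"/items": {"get": {"responses": {"200": {"description": "ok"}}}}},
}

# Constructed sample that fails the check: the key is present but empty.
EMPTY_SPEC = {
    "swagger": "2.0",
    "info": {"title": "demo", "version": "1"},
    "securityDefinitions": {},
    "paths": {},
}

if __name__ == "__main__":
    for label, spec in (("good", GOOD_SPEC), ("empty", EMPTY_SPEC)):
        print(label, security_definitions_findings(spec) or "PASS")
```

Feed it the output of yaml.safe_load on a real spec file to run it over your own definitions; anything beyond the first finding is stricter than CKV_OPENAPI_1 itself and is there to catch schemes that are declared but malformed or never applied.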

Rule Details

Field        Value
ID           IAC-1257
Severity     HIGH
IaC Type     OpenAPI
Frameworks   OpenAPI
Checkov ID   CKV_OPENAPI_1
