OpenAPI Security object needs to have defined rules in its array and rules should be defined in the securityScheme

Description

OpenAPI uses security schemes to reference authentication and authorization schemes. Your APIs should have authentication schemes in place and documented in the OpenAPI specification, as well as applied to individual operations or the entire API in the security details.

Code Example

yaml

components:
security:

Remediation

OpenAPI

Ensure that you have a securityScheme component and application. For example:

Rule Details

Field	Value
ID	IAC-1260
Severity	HIGH
IaC Type	OpenAPI
Frameworks	OpenAPI
Checkov ID	CKV_OPENAPI_4

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

OpenAPI Security object needs to have defined rules in its array and rules should be defined in the securityScheme

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

OpenAPI Security object needs to have defined rules in its array and rules should be defined in the securityScheme ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

OpenAPI Security object needs to have defined rules in its array and rules should be defined in the securityScheme

Description

Code Example

Remediation

Rule Details

References