OpenAPI Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error

Description

If the Security Requirement Object of an operation is defined but names no security scheme (an empty `security` list), that operation is exposed without authentication, which could lead to unauthorized access. An attacker could use such an unauthenticated operation to reach sensitive data or perform unauthorized actions.

Code Example

```yaml
paths:
  "/":
    get:
      operationId: id
      summary: example
-     security: []
+     security:
+       - OAuth2:
+           - write
```

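The check described above can be expressed as a small script over a parsed OpenAPI document. The following is an added example written for this page, not Checkov's own implementation of CKV_OPENAPI_5: `find_empty_security` flags operations whose `security` key is present but empty (the failing case in the code example above), and `find_undeclared_schemes` goes one step further than the page's rule by also reporting requirement names that do not correspond to a scheme declared under `components.securitySchemes`, which OpenAPI 3.x requires. The three specs are constructed inline for the example; the `OAuth2` scheme definition and `https://auth.example.com/token` URL are assumptions.

```python
import json

# HTTP methods that may carry an Operation Object in a Path Item Object.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def _operations(spec):
    """Yield (path, method, operation) for every operation in the document."""
    for path, path_item in (spec.get("paths") or {}).items():
        for method in HTTP_METHODS:
            operation = path_item.get(method)
            if operation is not None:
                yield path, method, operation


def find_empty_security(spec):
    """Return (path, method) pairs whose operation defines `security` as an empty list.

    An explicit `security: []` on an operation removes any authentication requirement
    for that operation (it also overrides a document-level `security`), which is the
    condition the rule on this page treats as an error. Operations without a
    `security` key are not reported: the rule applies only where the object is defined.
    """
    return [
        (path, method)
        for path, method, operation in _operations(spec)
        if "security" in operation and not operation["security"]
    ]


def find_undeclared_schemes(spec):
    """Extension beyond the page's rule (OpenAPI 3.x semantics): every name in an
    operation's security requirements must match a scheme declared in
    components.securitySchemes. Returns (path, method, scheme_name) for unknown names."""
    declared = set(((spec.get("components") or {}).get("securitySchemes") or {}).keys())
    findings = []
    for path, method, operation in _operations(spec):
        for requirement in operation.get("security") or []:
            for name in requirement:
                if name not in declared:
                    findings.append((path, method, name))
    return findings


# Constructed sample: the failing case from the code example (security: []).
FAILING_SPEC = json.loads("""
{"openapi": "3.0.3", "info": {"title": "example", "version": "1"},
 "paths": {"/": {"get": {"operationId": "id", "summary": "example", "security": []}}}}
""")

# Constructed sample: the remediated case, with the referenced scheme declared.
# The OAuth2 flow and token URL are assumptions made for this example.
PASSING_SPEC = json.loads("""
{"openapi": "3.0.3", "info": {"title": "example", "version": "1"},
 "paths": {"/": {"get": {"operationId": "id", "summary": "example",
                         "security": [{"OAuth2": ["write"]}]}}},
 "components": {"securitySchemes": {"OAuth2": {"type": "oauth2", "flows": {
     "clientCredentials": {"tokenUrl": "https://auth.example.com/token",
                           "scopes": {"write": "write access"}}}}}}}
""")

# Constructed sample: a non-empty requirement that names a scheme never declared.
UNDECLARED_SPEC = json.loads("""
{"openapi": "3.0.3", "info": {"title": "example", "version": "1"},
 "paths": {"/": {"get": {"operationId": "id", "security": [{"ApiKeyAuth": []}]}}}}
""")


if __name__ == "__main__":
    for label, spec in (("failing", FAILING_SPEC), ("passing", PASSING_SPEC),
                        ("undeclared", UNDECLARED_SPEC)):
        print(label, "empty security:", find_empty_security(spec))
        print(label, "undeclared schemes:", find_undeclared_schemes(spec))
```

Run the script as-is to see the failing spec reported for `/` `get` and the remediated spec pass both checks; point `json.loads` at a real document to apply the same logic in a pre-merge lint step.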
Remediation

OpenAPI

Ensure that the `security` section of each operation in your paths names an authentication scheme rather than an empty list, as shown in the code example above.

Rule Details

Field        Value
ID           IAC-1261
Severity     HIGH
IaC Type     OpenAPI
Frameworks   OpenAPI
Checkov ID   CKV_OPENAPI_5

References