Ensure SecurityDefinitions Is Defined And Not Empty
Ensure that securityDefinitions is defined and not empty in OpenAPI version 2.0 and 3.0 files. Otherwise, the API may not be secure.
Risk Level: high
Platform: OpenAPI
Spectral Rule ID: OPENAPI001
REMEDIATION
Define securityDefinitions and ensure it is not empty.
swagger: '2.0'
info:
version: 1.0.0
title: Sample API
+ securityDefinitions:
+ api_key:
+ type: apiKey
+ name: api_key
+ in: header
paths:
/users:
get:
security:
- api_key: []
responses:
'200':
description: A list of users.
# OR
openapi: 3.0.0
info:
version: 1.0.0
title: Sample API
+ components:
+ securitySchemes:
+ app_id:
+ .
+ .
+ .
paths:
/users:
get:
summary: List all users
+ security:
+ - app_id: []
responses:
'200':
description: A list of users.
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/User'
Read more:
Updated over 1 year ago