Ensure SecurityDefinitions Is Defined And Not Empty

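Ensure that securityDefinitions (OpenAPI 2.0) or components.securitySchemes (OpenAPI 3.0) is defined and not empty. An operation can only require authentication by referencing a scheme declared there, so without one the API may not be secure.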

Risk Level: high
Platform: OpenAPI
Spectral Rule ID: OPENAPI001

REMEDIATION

Define securityDefinitions (OpenAPI 2.0) or components.securitySchemes (OpenAPI 3.0) and ensure it is not empty.

swagger: '2.0'
info:
  version: 1.0.0
  title: Sample API
+ securityDefinitions:
+   api_key:
+     type: apiKey
+     name: api_key
+     in: header
paths:
  /users:
    get:
      security:
        - api_key: []
      responses:
        '200':
          description: A list of users.

# OR

openapi: 3.0.0
info:
  version: 1.0.0
  title: Sample API
+ components:
+   securitySchemes:
+     app_id:
+       .
+       .
+       .
paths:
  /users:
    get:
      summary: List all users
+     security:
+       - app_id: []
      responses:
        '200':
          description: A list of users.
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/User'
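
The check this rule describes can be sketched as follows. This is an added example, not the scanner's own implementation. It goes one step beyond the rule by also flagging security requirements that name a scheme that was never declared. The function names, sample documents and the X-App-Id header name are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def declared_schemes(spec):
    """Return the security scheme map of a parsed OpenAPI 2.0 or 3.x document."""
    if "swagger" in spec:                      # OpenAPI 2.0
        schemes = spec.get("securityDefinitions")
    else:                                      # OpenAPI 3.x
        schemes = (spec.get("components") or {}).get("securitySchemes")
    return schemes if isinstance(schemes, dict) else {}

def check_security_definitions(spec):
    """Return a list of findings; an empty list means the document passes."""
    schemes = declared_schemes(spec)
    where = "securityDefinitions" if "swagger" in spec else "components.securitySchemes"
    if not schemes:
        return [f"{where} is missing or empty"]
    findings = []
    # Collect every security requirement: the global one and each operation's.
    requirements = [("(global)", spec.get("security") or [])]
    for path, item in (spec.get("paths") or {}).items():
        for method, op in (item or {}).items():
            if method in HTTP_METHODS and isinstance(op, dict):
                requirements.append((f"{method.upper()} {path}", op.get("security") or []))
    for location, reqs in requirements:
        for req in reqs:
            for name in req:                   # keys are scheme names
                if name not in schemes:
                    findings.append(f"{location} references undefined scheme '{name}'")
    return findings

# Constructed sample documents, already parsed from YAML/JSON into dicts.
V2_OK = {"swagger": "2.0",
         "securityDefinitions": {"api_key": {"type": "apiKey", "name": "api_key", "in": "header"}},
         "paths": {"/users": {"get": {"security": [{"api_key": []}]}}}}
V2_EMPTY = {"swagger": "2.0", "securityDefinitions": {}, "paths": {}}
V3_MISSING = {"openapi": "3.0.0", "paths": {"/users": {"get": {}}}}
V3_DANGLING = {"openapi": "3.0.0",
               "components": {"securitySchemes": {
                   "app_id": {"type": "apiKey", "name": "X-App-Id", "in": "header"}}},
               "paths": {"/users": {"get": {"security": [{"api_key": []}]}}}}

if __name__ == "__main__":
    for label, doc in [("v2 ok", V2_OK), ("v2 empty", V2_EMPTY),
                       ("v3 missing", V3_MISSING), ("v3 dangling", V3_DANGLING)]:
        print(label, "->", check_security_definitions(doc) or "pass")
```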
