| 0 |
CKV_OPENAPI_1 |
resource |
securityDefinitions |
Ensure that securityDefinitions is defined and not empty - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitions.py |
| 1 |
CKV_OPENAPI_2 |
resource |
security |
Ensure that if the security scheme is not of type ‘oauth2’, the array value must be empty - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityRequirement.py |
| 2 |
CKV_OPENAPI_3 |
resource |
components |
Ensure that security schemes don’t allow cleartext credentials over unencrypted channel - version 3.x.y files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v3/CleartextOverUnencryptedChannel.py |
| 3 |
CKV_OPENAPI_4 |
resource |
security |
Ensure that the global security field has rules defined |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/GlobalSecurityFieldIsEmpty.py |
| 4 |
CKV_OPENAPI_5 |
resource |
security |
Ensure that security operations is not empty. |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/generic/SecurityOperations.py |
| 5 |
CKV_OPENAPI_6 |
resource |
security |
Ensure that security requirement defined in securityDefinitions - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityRequirement.py |
| 6 |
CKV_OPENAPI_7 |
resource |
security |
Ensure that the path scheme does not support unencrypted HTTP connection where all transmissions are open to interception- version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/PathSchemeDefineHTTP.py |
| 7 |
CKV_OPENAPI_8 |
resource |
security |
Ensure that security is not using ‘password’ flow in OAuth2 authentication - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityPasswordFlow.py |
| 8 |
CKV_OPENAPI_9 |
resource |
paths |
Ensure that security scopes of operations are defined in securityDefinitions - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectSecurityScopeUndefined.py |
| 9 |
CKV_OPENAPI_10 |
resource |
paths |
Ensure that operation object does not use ‘password’ flow in OAuth2 authentication - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2OperationObjectPasswordFlow.py |
| 10 |
CKV_OPENAPI_11 |
resource |
securityDefinitions |
Ensure that operation object does not use ‘password’ flow in OAuth2 authentication - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionPasswordFlow.py |
| 11 |
CKV_OPENAPI_12 |
resource |
securityDefinitions |
Ensure no security definition is using implicit flow on OAuth2, which is deprecated - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/Oauth2SecurityDefinitionImplicitFlow.py |
| 12 |
CKV_OPENAPI_13 |
resource |
securityDefinitions |
Ensure security definitions do not use basic auth - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/SecurityDefinitionBasicAuth.py |
| 13 |
CKV_OPENAPI_14 |
resource |
paths |
Ensure that operation objects do not use ‘implicit’ flow, which is deprecated - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectImplicitFlow.py |
| 14 |
CKV_OPENAPI_15 |
resource |
paths |
Ensure that operation objects do not use basic auth - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectBasicAuth.py |
| 15 |
CKV_OPENAPI_16 |
resource |
paths |
Ensure that operation objects have ‘produces’ field defined for GET operations - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectProducesUndefined.py |
| 16 |
CKV_OPENAPI_17 |
resource |
paths |
Ensure that operation objects have ‘consumes’ field defined for PUT, POST and PATCH operations - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/OperationObjectConsumesUndefined.py |
| 17 |
CKV_OPENAPI_18 |
resource |
schemes |
Ensure that global schemes use ‘https’ protocol instead of ‘http’- version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSchemeDefineHTTP.py |
| 18 |
CKV_OPENAPI_19 |
resource |
security |
Ensure that global security scope is defined in securityDefinitions - version 2.0 files |
OpenAPI |
https://github.com/bridgecrewio/checkov/blob/main/checkov/openapi/checks/resource/v2/GlobalSecurityScopeUndefined.py |