Articles
Author
vacuum
Installing
Quick Start
About vacuum
Why?
Concepts
💥 Online Demo
FAQ
Ignoring Violations
Changelog
Configuring
VSCode Plugin
CLI Commands
Lint
vacuum Report
Dashboard
HTML Report
Spectral Report
References
Version
Bundle Spec
Generate RuleSet
Language Server
Developer API
API Quick Start
Spec Index
RuleResultSet
Loading RuleSet
Custom Go Functions
Custom JS Functions
Non-OpenAPI Files
Functions
Core Functions
OpenAPI Functions
OWASP Functions
Rules
Examples
OWASP
Operations/Paths
Schemas
Spec Information
Validation
Descriptions
Tags
Security
RuleSets
What are they?
Sharing RuleSets
No Rules/Off
Recommended Rules
Custom RuleSets
OWASP Rules
  • GitHub GitHub Repo stars
  • Discord Discord Server
    • ✨ New! Try the OpenAPI Doctor ✨ The OpenAPI Doctor

    owaspCheckSecurity

    owaspCheckSecurity will check global or operation level security has been defined.

    How do I use this function?

    This function is configured by the following functionOptions.

    NAME TYPE REQUIRED? DESCRIPTION
    schemesPath []string yes The key to look for (defaults to securitySchemes)
    nullable boolean yes Can be empty or not
    methods []string yes Which http methods to look through

    Example ruleset configuration

    my-security-rule:
  description: API should be protected by a `security` rule either at global or operation level.
  type: validation
  given: $
  then:
    function: owaspCheckSecurity
    functionOptions:
      schemesPath: 
        - securitySchemes
      nullable: true
      methods:
        - post
        - put
        - delete
        - patch

    Used by the following rules: