Do we need to scan OpenAPI Specification yaml file? #6475
Hi Team, We are using the OpenAPI Specification as a definition language for describing, producing, consuming and visualizing REST web services. We are using the OpenAPI Specification yaml file only for generating REST API Spring Boot controller classes. KICS (Keeping Infrastructure as Code Secure) is scanning the OpenAPI Specification yaml file and HIGH issues are reported. We would like to know whether we need to Please let me know if anyone has faced a similar problem. I would appreciate any help and support. Regards,
Replies: 1 comment
Hi @shijinrajbosch, Since KICS was able to detect vulnerabilities, and some of them (42) have ‘HIGH’ severity, our recommendation is to fix them, so you make sure your REST API has the maximum security possible. Hope this information clarifies your doubts.