Schemes should be defined

Description

You have not defined the schemes field in your API.

The Open API Specification (OAS) does not define the schemes field as mandatory and states that when missing, the default scheme is the same as used to access your API definition itself. However, because API definitions are uploaded to 42Crunch Platform, not retrieved from URLs, Security Audit cannot infer the default scheme.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

1swagger: "2.0"
2info:
3  version: 1.0.0
4  title: Swagger Petstore
5host: petstore.swagger.io
6basePath: /v1
7schemes: []
8

Remediation

Make sure that you have defined at least one scheme for your API:

1swagger: "2.0"
2info:
3  version: 1.0.0
4  title: Swagger Petstore
5host: petstore.swagger.io
6basePath: /v1
7schemes:
8  - https
9

Copyright 42Crunch 2021