Add Swagger/OpenAPI 3.0 docs and interactive Swagger UI for Thomas REST API#1055
Add Swagger/OpenAPI 3.0 docs and interactive Swagger UI for Thomas REST API#1055Copilot wants to merge 2 commits into
Orca Security Scan Summary
| Status | Check | Issues by priority | |
|---|---|---|---|
 Failed |
Infrastructure as Code |  1  1  35  25 |
View in Orca |
🛡️ The following IaC misconfigurations have been detected
| NAME | FILE | ||
|---|---|---|---|
|
Global Server Object Uses HTTP | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response Code Missing (v3) | ...swagger/openapi.yaml | View in code |
|
Response on operations that should have a body has undefined schema | ...swagger/openapi.yaml | View in code |
|
Response on operations that should have a body has undefined schema | ...swagger/openapi.yaml | View in code |
|
Empty Array | ...swagger/openapi.yaml | View in code |
|
Empty Array | ...swagger/openapi.yaml | View in code |
|
Empty Array | ...swagger/openapi.yaml | View in code |
|
Empty Array | ...swagger/openapi.yaml | View in code |
|
Path Is Ambiguous | ...swagger/openapi.yaml | View in code |
|
Path Is Ambiguous | ...swagger/openapi.yaml | View in code |
| ... | ... | ... | ... |
Annotations
Check failure on line 1 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[HIGH] Global Security Field Is Undefined
Details:
OpenAPI specifications without a global security field may expose API endpoints
without authentication or authorization controls, allowing unrestricted access.
Define a global security requirement referencing schemes from securitySchemes to
ensure baseline protection across all paths.
Recommendation:
A default security property should be defined
Check warning on line 374 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Empty Array
Details:
OpenAPI specifications contain empty arrays that provide no functional value and
may indicate incomplete or misconfigured definitions. Empty arrays can cause
schema validation issues and confuse API consumers. Remove empty arrays or
populate them with appropriate values.
Recommendation:
The array should not be empty
Check warning on line 352 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Empty Array
Details:
OpenAPI specifications contain empty arrays that provide no functional value and
may indicate incomplete or misconfigured definitions. Empty arrays can cause
schema validation issues and confuse API consumers. Remove empty arrays or
populate them with appropriate values.
Recommendation:
The array should not be empty
Check warning on line 330 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Empty Array
Details:
OpenAPI specifications contain empty arrays that provide no functional value and
may indicate incomplete or misconfigured definitions. Empty arrays can cause
schema validation issues and confuse API consumers. Remove empty arrays or
populate them with appropriate values.
Recommendation:
The array should not be empty
Check warning on line 299 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Empty Array
Details:
OpenAPI specifications contain empty arrays that provide no functional value and
may indicate incomplete or misconfigured definitions. Empty arrays can cause
schema validation issues and confuse API consumers. Remove empty arrays or
populate them with appropriate values.
Recommendation:
The array should not be empty
Check warning on line 197 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Path Is Ambiguous
Details:
OpenAPI specifications contain ambiguous paths where different path strings
resolve to the same endpoint after parameter substitution. This creates routing
conflicts and unpredictable API behavior. Consolidate duplicate paths into a
single Path Object containing all operations.
Recommendation:
There shouldn't be ambiguous path
Check warning on line 96 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Path Is Ambiguous
Details:
OpenAPI specifications contain ambiguous paths where different path strings
resolve to the same endpoint after parameter substitution. This creates routing
conflicts and unpredictable API behavior. Consolidate duplicate paths into a
single Path Object containing all operations.
Recommendation:
There shouldn't be ambiguous path
Check warning on line 242 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 411 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 371 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 172 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 296 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 256 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 120 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 150 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 98 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 349 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 327 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 220 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields
Check warning on line 33 in http4s/src/main/resources/swagger/openapi.yaml
orca-security-us / Orca Security - Infrastructure as Code
[INFO] Object Without Required Property
Details:
OpenAPI v3 specification objects lack required fields defined by the standard,
causing schema validation failures and potential client integration issues.
Missing required properties prevent proper API documentation parsing and code
generation. Include all mandatory fields as specified in the OpenAPI 3.0
specification.
Recommendation:
tags has all required fields