External references outside the API definition are not supported in 42Crunch Platform

Issue ID: validation-external-reference

Description

One or more references to objects are external to the OpenAPI definition file, meaning that the path to the referred object points outside the OpenAPI definition file. External references are not supported when running API Security Audit in 42Crunch Platform or from a CI/CD pipeline, because Security Audit does not have access to those references and therefore cannot properly audit the referenced objects.

Remediation

Consider if external references are required, or if you could define the referenced objects in your OpenAPI file.

If that is not an option, you can run Security Audit from your IDE. The IDE extension OpenAPI (Swagger) Editor can parse external references in your OpenAPI definition if:

  • The files that the references point to are available locally on your computer.
  • The referenced HTTP or HTTPS URLs have been allowlisted in the settings of your IDE. For more details and to confirm that your IDE supports this, see the documentation of your IDE.

For more details on running Security Audit from your IDE, see IDE integration.