API definition uses the 'x-42c-mtls' extension

Issue ID: v3_1-warning-x-42c-mtls-used

Description

The API definition has the vendor extension x-42c-mtls defined. While there are perfectly legitimate use cases for it, it can be dangerous if used in the wrong place.

The extension allows you to indicate to Security Audit that your API is protected with mTLS. In this case, Security Audit considers your API to be fully protected and does not deduct points from your security score, but still reports non-mTLS security issues at severity level Info so that they do not produce false positives that fail security quality gates (SQGs). If the API in question is not actually protected with mTLS, this gives the wrong impression that its security is good when in fact it may be lacking.

For more details, see the documentation for x-42c-mtls.

Remediation

Only use x-42c-mtls in API definitions when the API really uses mTLS.
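One way to enforce this remediation during review is to lint API definitions for the extension and check whether the definition itself carries any evidence of mTLS. The checker below is an added example, not code from the original page or from 42Crunch; it assumes that x-42c-mtls is a boolean at the root of the definition and treats an OpenAPI 3.1 security scheme of type mutualTLS that is referenced by a security requirement as that evidence. Both sample definitions are constructed for the example.

```python
"""Lint an OpenAPI definition for use of the x-42c-mtls vendor extension.

Added example, not code from the original page or from 42Crunch. Assumptions:
- x-42c-mtls is a boolean placed at the root of the definition.
- An OpenAPI 3.1 security scheme of type "mutualTLS" that is referenced by a
  security requirement counts as in-definition evidence that mTLS is in use.
"""
from typing import Any, Dict, List, Set

EXTENSION = "x-42c-mtls"


def find_extension(node: Any, path: str = "") -> List[str]:
    """Return JSON-pointer-style paths of every x-42c-mtls key in the document."""
    hits: List[str] = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}/{key}"
            if key == EXTENSION:
                hits.append(child)
            hits.extend(find_extension(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            hits.extend(find_extension(item, f"{path}/{index}"))
    return hits


def mtls_schemes(doc: Dict[str, Any]) -> List[str]:
    """Names of security schemes declared with type mutualTLS (OpenAPI 3.1)."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    return [name for name, scheme in schemes.items()
            if isinstance(scheme, dict) and scheme.get("type") == "mutualTLS"]


def referenced_schemes(doc: Dict[str, Any]) -> Set[str]:
    """Scheme names used by the global or any per-operation security requirement."""
    refs: Set[str] = set()
    for requirement in doc.get("security", []):
        refs.update(requirement.keys())
    for path_item in doc.get("paths", {}).values():
        if not isinstance(path_item, dict):
            continue
        for operation in path_item.values():
            if isinstance(operation, dict):
                for requirement in operation.get("security", []):
                    refs.update(requirement.keys())
    return refs


def audit(doc: Dict[str, Any]) -> Dict[str, Any]:
    """Summarise where the extension is used and whether the mTLS claim is backed up."""
    hits = find_extension(doc)
    claims_mtls = doc.get(EXTENSION) is True
    enforced = [name for name in mtls_schemes(doc) if name in referenced_schemes(doc)]
    return {
        "extension_paths": hits,
        # Occurrences below the root are not where the extension is expected (assumption above).
        "misplaced_paths": [hit for hit in hits if hit != f"/{EXTENSION}"],
        "claims_mtls": claims_mtls,
        "mtls_schemes_enforced": enforced,
        # The case the page warns about: the score treats the API as fully protected,
        # but nothing in the definition shows that mTLS is actually in use.
        "unsupported_claim": claims_mtls and not enforced,
    }


# Constructed sample: claims mTLS but only declares and uses an API key scheme.
CLAIMED_WITHOUT_MTLS = {
    "openapi": "3.1.0",
    "info": {"title": "Example API", "version": "1.0.0"},
    EXTENSION: True,
    "components": {"securitySchemes": {
        "apiKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}},
    "security": [{"apiKey": []}],
    "paths": {"/items": {"get": {"responses": {"200": {"description": "ok"}}}}},
}

# Constructed sample: claims mTLS and enforces a mutualTLS scheme globally.
CLAIMED_WITH_MTLS = {
    "openapi": "3.1.0",
    "info": {"title": "Example API", "version": "1.0.0"},
    EXTENSION: True,
    "components": {"securitySchemes": {"clientCert": {"type": "mutualTLS"}}},
    "security": [{"clientCert": []}],
    "paths": {"/items": {"get": {"responses": {"200": {"description": "ok"}}}}},
}

if __name__ == "__main__":
    for label, document in (("without-mtls", CLAIMED_WITHOUT_MTLS), ("with-mtls", CLAIMED_WITH_MTLS)):
        print(label, audit(document))
```

A definition flagged with `unsupported_claim` is the one to question in review: either the mTLS enforcement lives outside the definition (a gateway or TLS terminator, which the checker cannot see) and should be documented, or the extension should be removed so the audit score reflects the real posture.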