Configuration: Subresource Integrity Missing

Identifier: subresource_integrity_missing

Scanner(s) Support

GraphQL Scanner REST Scanner WebApp Scanner ASM Scanner

Description

When external scripts are loaded without Subresource Integrity (SRI) attributes, the browser has no way to verify that the resources have not been tampered with, potentially allowing attackers to inject malicious code.

How we test: We analyze frontend HTML and JavaScript to detect if external scripts are loaded without Subresource Integrity attributes. We check if SRI hashes are properly included to verify script integrity and prevent tampering.
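
A minimal sketch of this kind of check, added here as an illustration and not the scanner's own implementation: it flags `<script src>` tags that resolve to a different origin than the page and carry no `sha256`/`sha384`/`sha512` integrity token, and it computes the value to put in the attribute. The hosts, file contents and the "different origin means external" rule are assumptions of the example.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SRI_PREFIXES = ("sha256-", "sha384-", "sha512-")  # algorithms defined by the SRI spec

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the value for an integrity attribute: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

class _ScriptAudit(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.page_origin = urlparse(page_url)[:2]  # (scheme, host[:port])
        self.missing = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag != "script" or not attr.get("src"):
            return  # inline scripts have no fetched resource to pin
        url = urljoin(self.page_url, attr["src"])  # resolves relative and //host forms
        if urlparse(url)[:2] == self.page_origin:
            return  # same-origin script, not an external resource (assumption)
        tokens = (attr.get("integrity") or "").split()
        if not any(t.startswith(SRI_PREFIXES) for t in tokens):
            self.missing.append(url)

def find_scripts_without_sri(html: str, page_url: str) -> list:
    audit = _ScriptAudit(page_url)
    audit.feed(html)
    return audit.missing

# Constructed sample input (hypothetical hosts and file contents).
PAGE_URL = "https://app.example.test/index.html"
UI_JS = b"console.log('ui');"
SAMPLE_HTML = f"""<html><head>
<script src="https://cdn.example.test/lib.min.js"></script>
<script src="https://cdn.example.test/ui.js" integrity="{sri_hash(UI_JS)}"
        crossorigin="anonymous"></script>
<script src="/static/app.js"></script>
<script>console.log('inline');</script>
</head></html>"""

if __name__ == "__main__":
    for url in find_scripts_without_sri(SAMPLE_HTML, PAGE_URL):
        print("missing SRI:", url)
```

To fix a flagged tag, hash the exact bytes the CDN serves with `sri_hash` and add the result as `integrity="..."` together with `crossorigin="anonymous"`.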

Configuration

Example

Example configuration:

---
security_tests:
  subresource_integrity_missing:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.