Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549862c2d618ca8eb9149d2354d3d161b5399aafcb3
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /branding
GET /generate-document
GET /get-posters
GET /health/origin
GET /health/ping
GET /person-types
GET /person-types-properties
GET /q/{id}
GET /questionnaire
GET /validate-employee
GET /view-config
POST /complete-questionnaire
POST /create-person-questionnaire
POST /problem-list
POST /review
Open service 2a00:1450:4001:80b::2013:443 · dev.gcp.api.andornow.andor.app
2026-01-31 18:17
HTTP/1.1 404 Not Found x-cloud-trace-context: a73e55440d13a9d8a2acd636d64abbdc date: Sat, 31 Jan 2026 18:17:23 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 172.217.18.19:443 · dev.gcp.api.andornow.andor.app
2026-01-31 18:17
HTTP/1.1 404 Not Found x-cloud-trace-context: 82b911c3b17533a675ae40970536bcb6;o=1 date: Sat, 31 Jan 2026 18:17:23 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 142.250.186.179:443 · dev.gcp.api.andornow.andor.app
2026-01-22 12:11
HTTP/1.1 404 Not Found x-cloud-trace-context: af5b9b8de84364d701701144ff847ea6 date: Thu, 22 Jan 2026 12:11:13 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close
Open service 142.250.186.179:443 · dev.gcp.api.andornow.andor.app
2026-01-10 01:17
HTTP/1.1 404 Not Found x-cloud-trace-context: f2a0bf0e23f20a3834447540fdf16d5a date: Sat, 10 Jan 2026 01:17:50 GMT content-type: text/html server: Google Frontend Content-Length: 0 Connection: close