Missing https protocol detected.

Rule ID: javascript_express_https_protocol_missing
Languages: javascript
Source: https_protocol_missing.yml

Description

Use HTTPS wherever possible. HTTPS uses the TLS (Transport Layer Security) protocol to encrypt communication, making it more secure than HTTP.

Remediations

✅ Use the https module when calling createServer()

var https = require('https');
var express = require('express');
var app = express();

var httpsServer = https.createServer(app)
httpsServer.listen(8080);

Resources

Express Security Best Practices: use TLS

Associated CWE

CWE-693: Protection Mechanism Failure

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_https_protocol_missing

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_https_protocol_missing

Ready to take the next step? Learn more about Bearer Cloud.