HP Fortify is flagging swagger-ui.js as insecure, citing Math.random() as "Insecure Randomness". I'm using Swagger UI v2.2.6. Has there been a fix or response for this?
Swagger UI v. 2.2.6 is a very old version (from 2016). Try the latest version, 3.32.4.
Version 3.32.4 uses Math.random() as well, which will warrant the HP Fortify warning as well. The code below is from swagger-ui-3.32.4\dist\swagger-ui.js
In that case, please open an issue here:
Math.random() is a commonly used function and is present in many popular libraries. SwaggerUI does not generate security-sensitive context such as passwords or API keys. Thus, this notice should be a non-issue with regard to SwaggerUI.
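
To illustrate the distinction the last reply draws when triaging an "Insecure Randomness" finding, here is an added example (not part of the original thread and not Swagger UI's code; all function names are hypothetical). It puts a non-sensitive use of Math.random() next to a security-sensitive value drawn from the platform CSPRNG.

```javascript
// Added example, not Swagger UI code. All names below are hypothetical.
// Web Crypto is global in browsers and recent Node; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Non-sensitive use: a DOM element id only has to be unlikely to collide.
// Nobody gains anything by predicting it, so Math.random() is acceptable
// and a scanner finding on a call like this can be triaged as not exploitable.
function uiElementId(prefix = 'el') {
  return `${prefix}-${Math.random().toString(36).slice(2, 10)}`;
}

// Security-sensitive use: a value that must be unpredictable (password,
// API key, session or reset token). Bytes come from the CSPRNG, and
// rejection sampling keeps every alphabet character equally likely
// (a plain `byte % 62` would favour the first 8 characters).
function secureToken(length = 32) {
  if (!Number.isInteger(length) || length <= 0 || length > 1024) {
    throw new RangeError('length must be an integer between 1 and 1024');
  }
  const limit = 256 - (256 % ALPHABET.length); // 248 for a 62-char alphabet
  const buf = new Uint8Array(length * 2);
  const out = [];
  while (out.length < length) {
    webcrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) {
        out.push(ALPHABET[b % ALPHABET.length]);
      }
    }
  }
  return out.join('');
}
```

When reviewing a flagged call site, the question is which of these two roles the generated value plays.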