Protect Sidekiq::Web mounts with authentication
Sidekiq Web must not be exposed on public routes without an authentication or network guard.
#Why it matters
Unauthenticated Sidekiq Web consoles expose queues and often lead to remote code execution via job replay or configuration changes.
#Remediation
Wrap mounts in `authenticate`, add route constraints, use basic auth or VPN-only routing, and keep consoles off public networks.
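As an added example (not code from the critiq rule or from Sidekiq), the following sketch shows the unguarded mount next to guarded forms and a simple line-based check that tells them apart. It assumes Devise's `authenticate` route helper and a hypothetical `AdminConstraint` class; both route files are constructed samples.

```ruby
# Added example: a line-based heuristic, not the critiq rule's own logic.
MOUNT      = /\bmount\s+Sidekiq::Web\b/
# Devise's authenticate/authenticated helpers and Rails' constraints block.
GUARD      = /\A\s*(authenticate|authenticated|constraints)\b.*\bdo\b/
BLOCK_OPEN = /\bdo\b(\s*\|[^|]*\|)?\s*\z/

# Returns the 1-based line numbers of Sidekiq::Web mounts that sit outside
# every guard block and carry no inline constraints option.
def unguarded_sidekiq_mounts(source)
  stack = []      # one flag per open do...end block: true when it is a guard
  findings = []
  source.each_line.with_index(1) do |line, number|
    code = line.sub(/(\A|\s)#.*/, "").rstrip   # drop comments, keep "users#show"
    if code.match?(MOUNT)
      inline_guard = code.match?(/\bconstraints\b/)
      findings << number unless stack.any? || inline_guard
    end
    if code.match?(BLOCK_OPEN)
      stack << code.match?(GUARD)
    elsif code.strip == "end"
      stack.pop
    end
  end
  findings
end

# Constructed sample: the pattern this rule targets.
VULNERABLE = <<~'ROUTES'
  require "sidekiq/web"
  Rails.application.routes.draw do
    mount Sidekiq::Web => "/sidekiq"
  end
ROUTES

# Constructed sample: the same mount behind an auth block or a constraint.
# AdminConstraint is a hypothetical class name used for illustration.
HARDENED = <<~'ROUTES'
  require "sidekiq/web"
  Rails.application.routes.draw do
    authenticate :user, ->(u) { u.admin? } do
      mount Sidekiq::Web => "/sidekiq"
    end
    # mount Sidekiq::Web => "/old"
    mount Sidekiq::Web => "/jobs", constraints: AdminConstraint.new
  end
ROUTES

puts "vulnerable sample, unguarded lines: #{unguarded_sidekiq_mounts(VULNERABLE).inspect}"
puts "hardened sample, unguarded lines:   #{unguarded_sidekiq_mounts(HARDENED).inspect}"
```

The check only sees the routes file, so a mount protected by basic auth middleware or VPN-only routing will still be reported and needs manual review. It also does not track `{ ... }` blocks or `if ... end` without `do`.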
#Repository path
The generated metadata points to `critiq-rules/libs/rules/catalog/rules/ruby/ruby.security.sidekiq-web-unauthenticated-mount.rule.yaml`.