Cybersecurity and Infrastructure Security Agency · API Governance Rules

Cybersecurity and Infrastructure Security Agency API Rules

Spectral linting rules defining API design standards and conventions for Cybersecurity and Infrastructure Security Agency.

5 Rules error 2 warn 3
View Rules File View on GitHub

Rule Categories

cisa

Rules

warn
cisa-kev-info-contact
CISA KEV API spec must declare a contact.
$.info
error
cisa-kev-server-https
All KEV servers must use HTTPS.
$.servers[*].url
warn
cisa-kev-tags-required
Every operation must declare at least one tag.
$.paths[*][get,post,put,patch,delete]
error
cisa-kev-operation-id-required
Every operation must declare an operationId.
$.paths[*][get,post,put,patch,delete]
warn
cisa-kev-public-no-auth
KEV feed is public; spec must not declare a global security requirement.
$

Spectral Ruleset

Raw ↑ 
extends: spectral:oas
rules:
  cisa-kev-info-contact:
    description: CISA KEV API spec must declare a contact.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy
  cisa-kev-server-https:
    description: All KEV servers must use HTTPS.
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: '^https://'
  cisa-kev-tags-required:
    description: Every operation must declare at least one tag.
    severity: warn
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: tags
      function: truthy
  cisa-kev-operation-id-required:
    description: Every operation must declare an operationId.
    severity: error
    given: $.paths[*][get,post,put,patch,delete]
    then:
      field: operationId
      function: truthy
  cisa-kev-public-no-auth:
    description: KEV feed is public; spec must not declare a global security requirement.
    severity: warn
    given: $
    then:
      field: security
      function: falsy