Trellix · API Governance Rules

Trellix API Rules

Spectral linting rules defining API design standards and conventions for Trellix.

9 rules: 2 error, 6 warn, 1 info

Rule Categories

trellix

Rules

warn
trellix-operation-id-camel-case
Operation IDs must use camelCase
$.paths[*][*].operationId
warn
trellix-summary-title-case
Operation summaries must use Title Case
$.paths[*][*].summary
error
trellix-security-defined
All operations must define security requirements
$.paths[*][get,post,put,patch,delete]
error
trellix-response-200-get
All GET operations must define a 200 response
$.paths[*].get
warn
trellix-response-401-defined
Authenticated operations should define a 401 response
$.paths[*][get,post,put,patch,delete]
warn
trellix-tag-defined
All operations must have at least one tag
$.paths[*][get,post,put,patch,delete]
info
trellix-oauth2-bearer
Trellix APIs use OAuth 2.0 Bearer token authentication
$.components.securitySchemes
warn
trellix-path-kebab-case
API paths should use kebab-case
$.paths[*]~
warn
trellix-post-request-body
POST and PUT operations should define a request body
$.paths[*][post,put]

Spectral Ruleset

trellix-spectral-rules.yml Raw ↑
rules:
  # Naming convention for operationId values. The JSONPath selects the
  # operationId of every child of every path item that has one.
  trellix-operation-id-camel-case:
    severity: warn
    description: Operation IDs must use camelCase
    message: "Operation ID '{{value}}' must use camelCase"
    given: '$.paths[*][*].operationId'
    then:
      function: pattern
      functionOptions:
        # Anchored at both ends: a lowercase ASCII letter first, then only
        # ASCII letters and digits (no underscores, hyphens or dots).
        match: '^[a-z][a-zA-Z0-9]*$'

  # Style check on operation summaries.
  trellix-summary-title-case:
    severity: warn
    description: Operation summaries must use Title Case
    message: "Summary '{{value}}' should use Title Case"
    given: '$.paths[*][*].summary'
    then:
      function: pattern
      functionOptions:
        # Only the first character is required to be uppercase; the rest is
        # limited to ASCII letters, digits, spaces and the characters
        # / ( ) + & -. Capitalisation of later words is not checked, and
        # summaries containing other punctuation (commas, apostrophes,
        # periods) are reported.
        match: '^[A-Z][a-zA-Z0-9 /()+&-]*$'

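  # Requires every matched operation to carry its own non-empty `security`
  # list.
  #
  # `defined` alone is not enough: in OpenAPI, `security: []` on an operation
  # is a defined value that removes any document-level security requirement,
  # leaving the operation callable without credentials. The second check
  # reports that case.
  #
  # NOTE(review): a list whose only entry is an empty requirement object
  # (`security: [{}]`) still passes both checks and also permits anonymous
  # access. HEAD, OPTIONS and TRACE operations are not selected by `given`.
  # Operations that rely solely on a document-level `security` block are
  # reported, because the check is per operation.
  trellix-security-defined:
    description: All operations must define security requirements
    message: "Operation must define security requirements"
    severity: error
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      # Reports a missing `security` field.
      - field: security
        function: defined
      # Reports an empty `security` list.
      - field: security
        function: length
        functionOptions:
          min: 1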

  # Every GET operation needs an explicit `200` entry under `responses`.
  # Other 2xx codes (for example 204) do not satisfy this rule.
  trellix-response-200-get:
    severity: error
    description: All GET operations must define a 200 response
    message: "GET operation must define a 200 success response"
    given: '$.paths[*].get'
    then:
      function: defined
      field: 'responses.200'

  # Asks each matched operation to document a `401` response so clients know
  # how an authentication failure is reported.
  # The selector does not look at the operation's `security` field, so the
  # rule applies to every GET/POST/PUT/PATCH/DELETE operation, authenticated
  # or not.
  trellix-response-401-defined:
    severity: warn
    description: Authenticated operations should define a 401 response
    message: "Operation should define 401 Unauthorized"
    given: '$.paths[*][get,post,put,patch,delete]'
    then:
      function: defined
      field: 'responses.401'

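  # Requires every matched operation to list at least one tag.
  # `defined` alone accepts `tags: []`, which is present but holds no tag, so
  # a second check enforces a minimum length of one.
  trellix-tag-defined:
    description: All operations must have at least one tag
    message: "Operation must include at least one tag"
    severity: warn
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      # Reports a missing `tags` field.
      - field: tags
        function: defined
      # Reports an empty `tags` list.
      - field: tags
        function: length
        functionOptions:
          min: 1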

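  # Checks that each declared security scheme is OAuth 2.0 or HTTP bearer.
  #
  # Applying `defined` to the node selected by `given` can never report
  # anything: the rule only runs when `components.securitySchemes` exists,
  # and then the node is by definition defined. The schema below inspects
  # every scheme in the map instead and accepts
  #   - `type: oauth2`, or
  #   - `type: http` together with `scheme: bearer` (or `Bearer`).
  # Anything else (apiKey, HTTP basic, ...) is reported at `info` severity.
  #
  # NOTE(review): a document with no `components.securitySchemes` at all is
  # not matched by `given`, so this rule stays silent for it.
  trellix-oauth2-bearer:
    description: Trellix APIs use OAuth 2.0 Bearer token authentication
    message: "Security scheme should use OAuth 2.0 or Bearer token"
    severity: info
    given: "$.components.securitySchemes"
    then:
      function: schema
      functionOptions:
        schema:
          type: object
          # Each property of the map is one named security scheme.
          additionalProperties:
            type: object
            required: [type]
            anyOf:
              - properties:
                  type:
                    enum: [oauth2]
              - required: [scheme]
                properties:
                  type:
                    enum: [http]
                  scheme:
                    type: string
                    pattern: '^[Bb]earer$'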

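  # Checks path keys (the `~` suffix selects the key, not the value) against
  # a kebab-case pattern.
  #
  # Accepted shape: a first literal segment of lowercase letters, digits and
  # hyphens (not starting with a hyphen), followed by any number of further
  # literal segments or `{param}` segments whose name is alphanumeric and
  # starts with a letter.
  #
  # The pattern accepts exactly the same paths as the earlier form
  # `^(/seg(/seg|/{param})*)+$`, but without the outer `(...)+` wrapped
  # around an inner `(...)*`. That nesting let one path be split into groups
  # in many different ways, so a long path that fails to match could cost the
  # regex engine exponential time; this matters when the linted document
  # comes from an untrusted contributor.
  #
  # Paths that are reported: the root path `/`, paths with a trailing slash,
  # paths whose first segment is a `{param}`, and parameter names containing
  # `_` or `-`.
  trellix-path-kebab-case:
    description: API paths should use kebab-case
    message: "Path should use kebab-case"
    severity: warn
    given: "$.paths[*]~"
    then:
      function: pattern
      functionOptions:
        # Single-quoted so the backslashes reach the regex engine unchanged.
        match: '^/[a-z0-9][a-z0-9-]*(/[a-z0-9][a-z0-9-]*|/\{[a-zA-Z][a-zA-Z0-9]*\})*$'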

  # Asks POST and PUT operations to declare a `requestBody`.
  # PATCH operations are not selected by `given` and are therefore not
  # checked by this rule.
  trellix-post-request-body:
    severity: warn
    description: POST and PUT operations should define a request body
    message: "POST/PUT operation should define a requestBody"
    given: '$.paths[*][post,put]'
    then:
      function: defined
      field: requestBody