-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.spectral.yml
28 lines (26 loc) · 1.1 KB
/
.spectral.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
extends:
- spectral:oas
- https://unpkg.com/@stoplight/[email protected]/dist/ruleset.js
- https://raw.githubusercontent.com/BetterCloud/spectral-redos-detector-ruleset/main/dist/ruleset.js
- ./spectral/ruleset.yml
functionsDir: ./spectral/functions
functions:
- ensurePropertiesExample
- ensureAllArraysHaveItemTypes
- ensureSnakeCaseWithDigits
- validateOperationIdNaming
- ensureCommonHttpMethods
- ensure4xxAnd5xxUseErrorBody
- ensureISOFormat
- ensureCommonHttpCodes
- ensureMeaningfulParameterNames
- ensureParametersUseRef
- ensureWrappedResponses
rules:
contact-properties: off
operation-singular-tag: off
owasp:api2:2019-jwt-best-practices: off # Cannot read `type` of null, seems to not handle securityScheme $ref
owasp:api4:2019-string-restricted: warn
owasp:api4:2019-rate-limit-retry-after: warn # don't break the build until we have adopted the real rate limiter
owasp:api4:2019-string-limit: warn # don't break the build but warn so that best judgement can be used
owasp:api2:2019-no-credentials-in-url: warn # its picking up pageToken as a credential