Apply Open Worldwide Application Security Project (OWASP) API rules to your OpenAPI specification using vacuum. Learn more about OWASP.

These rules were written by Ricardo Graça.
vacuum supports OWASP API rules out of the box!

To use them, you will need to create a ruleset that extends the vacuum:owasp ruleset.

Create a new file (something like owasp-rules.yaml) and add the following YAML to it:

extends: [[spectral:oas, recommended], [vacuum:owasp, all]]

This creates a ruleset that applies all of the recommended rules (from spectral:oas) together with all of the OWASP rules (from vacuum:owasp).

Then point vacuum at the new ruleset with the -r flag when you lint your spec, for example:

vacuum lint -r owasp-rules.yaml my-openapi-spec.yaml
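As an added example (not taken from the vacuum documentation), the same ruleset can be extended further with per-rule severity overrides, so findings you are still working through stay visible instead of being switched off. The rule ids used here are assumed to match vacuum's built-in OWASP rule names.

```yaml
# owasp-rules.yaml (added example, not from the vacuum project docs)
# Start from the recommended OpenAPI rules plus every OWASP rule.
extends: [[spectral:oas, recommended], [vacuum:owasp, all]]

rules:
  # Rule ids below are assumed to be vacuum's built-in OWASP rule names.
  # Demote rather than disable: a legacy API with integer IDs can be
  # migrated gradually while the finding still shows up in every report.
  owasp-no-numeric-ids: warn

  # Keep credential-in-URL findings fatal; URLs end up in access logs,
  # proxies and browser history.
  owasp-no-api-keys-in-url: error
  owasp-no-credentials-in-url: error
  owasp-no-http-basic: error

  # Rate-limit headers are wanted, but are not a release blocker yet.
  owasp-rate-limit: info
```

Run it exactly as before with vacuum lint -r owasp-rules.yaml my-openapi-spec.yaml; severities accepted by vacuum rulesets are error, warn, info, hint and off.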

Get ready to be told about all the things you are doing wrong!

What you see may hurt, but it’s for the good of the API.