api-spectral

Solid

API specification linting and security validation using Stoplight's Spectral with support for OpenAPI, AsyncAPI, and Arazzo specifications. Validates API definitions against security best practices, OWASP API Security Top 10, and custom organizational standards. Use when: (1) Validating OpenAPI/AsyncAPI specifications for security issues and design flaws, (2) Enforcing API design standards and governance policies across API portfolios, (3) Creating custom security rules for API specifications in CI/CD pipelines, (4) Detecting authentication, authorization, and data exposure issues in API definitions, (5) Ensuring API specifications comply with organizational security standards and regulatory requirements.

API & Backend 335 stars 29 forks Updated today

Install

View on GitHub

Quality Score: 85/100

Stars 20%

Recency 20%

100

Frontmatter 20%

Documentation 15%

100

Issue Health 10%

License 10%

Description 5%

100

Skill Content

# API Security with Spectral ## Overview Spectral is a flexible JSON/YAML linter from Stoplight that validates API specifications against security best practices and organizational standards. With built-in rulesets for OpenAPI v2/v3.x, AsyncAPI v2.x, and Arazzo v1.0, Spectral helps identify security vulnerabilities, design flaws, and compliance issues during the API design phase—before code is written. Custom rulesets enable enforcement of OWASP API Security Top 10 patterns, authentication standards, and data protection requirements across your entire API portfolio. ## Quick Start ### Installation ```bash # Install via npm npm install -g @stoplight/spectral-cli # Or using Yarn yarn global add @stoplight/spectral-cli # Or using Docker docker pull stoplight/spectral # Verify installation spectral --version ``` ### Basic API Specification Linting ```bash # Lint OpenAPI specification with built-in rules spectral lint openapi.yaml # Lint with specific ruleset spectral lint openapi.yaml --ruleset .spectral.yaml # Output as JSON for CI/CD integration spectral lint openapi.yaml --format json --output results.json ``` ### Quick Security Scan ```bash # Create security-focused ruleset echo 'extends: ["spectral:oas"]' > .spectral.yaml # Lint API specification spectral lint api-spec.yaml --ruleset .spectral.yaml ``` ## Core Workflow ### Workflow Checklist Progress: [ ] 1. Install Spectral and select appropriate base rulesets [ ] 2. Create or configure ruleset with securi...

Details

Author: aiskillstore
Repository: aiskillstore/marketplace
Created: 5 months ago
Last Updated: today
Language: Python
License: None

Integrates with

npm · DevTools

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

openapi-validator

Validate OpenAPI specifications for correctness, security, and best practices

1,160 Updated today

a5c-ai

API & Backend Featured

validating-api-schemas

Validate API schemas against OpenAPI, JSON Schema, and GraphQL specifications. Use when validating API schemas and contracts. Trigger with phrases like "validate API schema", "check OpenAPI spec", or "verify schema".

2,274 Updated today

jeremylongshore

AI & Automation Solid

spectra-audit

Audit changed code for security sharp edges — dangerous defaults, type confusion, and silent failures

29 Updated yesterday

PsychQuant

AI & Automation Solid

openapi-swagger

Expert skill for OpenAPI/Swagger specification analysis, validation, and documentation generation. Parse and validate specs, detect breaking changes, generate code samples, and lint for best practices.

1,160 Updated today

a5c-ai

API & Backend Listed

api-security

API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).

4 Updated 1 weeks ago

roodlicht