extends: - spectral:oas # Spectral linting rules for the CloudGuard CNAPP (Dome9 v2) REST API # and any OpenAPI describing CloudGuard-related services. rules: cloudguard-info-contact: description: API contact information must be present. severity: error given: "$.info" then: field: contact function: truthy cloudguard-info-license: description: API license must be declared. severity: warn given: "$.info" then: field: license function: truthy cloudguard-server-https: description: All server URLs must use HTTPS. severity: error given: "$.servers[*].url" then: function: pattern functionOptions: match: "^https://" cloudguard-server-versioned: description: CloudGuard control-plane paths must be versioned (/v{N}/). severity: warn given: "$.paths" then: function: schema functionOptions: schema: type: object patternProperties: "^/v\\d+/.*": {} additionalProperties: true cloudguard-auth-required: description: A security scheme must be declared (CloudGuard uses HTTP Basic with API key + secret). severity: error given: "$.components.securitySchemes" then: function: truthy cloudguard-operation-id: description: Every operation must declare a unique operationId. severity: error given: "$.paths[*][get,post,put,patch,delete]" then: field: operationId function: truthy cloudguard-operation-tags: description: Every operation must declare at least one tag. severity: warn given: "$.paths[*][get,post,put,patch,delete]" then: field: tags function: schema functionOptions: schema: type: array minItems: 1 cloudguard-operation-summary: description: Every operation must include a short summary. severity: warn given: "$.paths[*][get,post,put,patch,delete]" then: field: summary function: truthy cloudguard-error-responses: description: Mutating operations should declare 4xx error responses. severity: warn given: "$.paths[*][post,put,patch,delete].responses" then: function: schema functionOptions: schema: type: object anyOf: - required: ["400"] - required: ["401"] - required: ["403"] - required: ["404"]