Proposal: alternative OAS tool with extensible rules

[ioggstream]

Proposal

I'm willing to provide another OAS3 linting tool based on Spectral. I'm working on a set of security rules which are not provided by speccy, to ensure:

• numbers, strings and arrays are properly constrained;
• endpoints use https://
• Cache policy prevent euristic caching
• PATCH content-type avoids bad behavior

Notes

• I chose Spectral because it supports both javascript and yaml rules;
• rule sources are here but you can just use the assembled spectral.yml
• the initial work on security rules is here and it will be delivered in another file (eg. spectral-security.yml)

Your feedback is welcome!

[cr0hn]

It sound very good! Maybe would be possible to integrate it and send us a PR?

Integrating a new tools is really easy:

https://bbva.github.io/apicheck/docs/integrating-new-tools

[ioggstream]

@cr0hn I'll asap it :)

[ioggstream]

@cr0hn done :P if you want to share some thoughts on API security checks, please let me know.

[cr0hn]

WoW nice!