Online Version : OWASP check or not Display

daveshanley / vacuum

vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports.

https://quobix.com/vacuum

MIT License

490 stars 39 forks source link

Online Version : OWASP check or not Display #399

Closed LasneF closed 6 months ago

LasneF commented 6 months ago

Given the online sample , OWASP validation is not checked

but it is displayed as no error

1) if a rulesset is not enabled it should not be part of the reports otherwise it creates kind of lying experience

1) Online version should have a tick to check owasp or not (and if so should not display it as part of the report)

daveshanley commented 6 months ago

Yes this is a good idea. Will add.

LasneF commented 6 months ago

the online part has been implemented (point 2)

the (1) if if ruleset is not , we may close or not this ticket

daveshanley commented 6 months ago

I still need to adjust the html-report and the terminal UI to not show the OWASP categories, (or show a not enabled message). So let's keep this open until the job is fully done.

daveshanley commented 6 months ago

in v0.7.0 the categories that have no results are hidden from the HTML report and the dashboard (tui).

This is now complete.