vacuum is the worlds fastest OpenAPI 3, OpenAPI 2 / Swagger linter and quality analysis tool. Built in go, it tears through API specs faster than you can think. vacuum is compatible with Spectral rulesets and generates compatible reports.
v0.7.0 introduces a complete rebuild of the OWASP rule functions. They have now all been moved into custom functions. This was done because the previous rules were choking at scale, and all the paths were undecipherable.
All paths provided by all built in rules are now complete and detailed.
OWASP rules run much, much faster and have more detailed reporting and no duplicate errors.
Example functions re-written.
The examples functionality have all been rewritten. They now run much faster and are much more accurate. They have also been broken down into three rules, from the previous one.
Modified rule: oas3-valid-schema-example
This rule now ONLY checks that schemas provided by examples are valid.
This rule checks to ensure all Schemas, Parameters, Headers and Media Types have an examples or example field set,
and ensures that no empty values are provided.
This rule checks that no examples in Parameters, Headers and Media Types have used both an externalValue and a value property.
These modifications address #403 and #392
New feature 'Hard Mode'
All commands support the new -z / --hard-mode flag. This will enable every built-in rule in vacuum. This is the highest level of compliance available built into vacuum.
If you want to really test your OpenAPI spec, then try Hard Mode, and then feel sad.
Fixed spectral-report paths
Issues #295 and #304 have been addressed with the path cleanup work.
Dashboard and html-report updates
Only categories that triggered results are available in reports and the terminal UI now. #399
v0.7.0
introduces a complete rebuild of the OWASP rule functions. They have now all been moved into custom functions. This was done because the previous rules were choking at scale, and all the paths were undecipherable.This update should address issue #398
view OWASP functions
Example functions re-written.
The examples functionality have all been rewritten. They now run much faster and are much more accurate. They have also been broken down into three rules, from the previous one.
Modified rule:
oas3-valid-schema-example
This rule now ONLY checks that schemas provided by examples are valid.
New rule:
oas3-missing-example
view docs
This rule checks to ensure all Schemas, Parameters, Headers and Media Types have an
examples
orexample
field set, and ensures that no empty values are provided.New rule:
oas3-example-external-check
view docs
This rule checks that no examples in Parameters, Headers and Media Types have used both an
externalValue
and avalue
property.These modifications address #403 and #392
New feature 'Hard Mode'
All commands support the new
-z
/--hard-mode
flag. This will enable every built-in rule in vacuum. This is the highest level of compliance available built into vacuum.If you want to really test your OpenAPI spec, then try Hard Mode, and then feel sad.
Fixed
spectral-report
pathsIssues #295 and #304 have been addressed with the path cleanup work.
Dashboard and html-report updates
Only categories that triggered results are available in reports and the terminal UI now. #399