A Python CLI tool that audits OpenAPI 3.0 specifications for security and governance issues. Runs as a GitHub Actions CI/CD gate to block non-compliant API specs before they merge.
In regulated environments like finance and healthcare, API specs need to pass security checks before they ship. This tool automates that review so it happens on every pull request, not just when someone remembers to check.
- Structural Validation: Ensures strict adherence to OpenAPI 3.0 standards.
- Security Audit: Flags insecure `http` protocols in server configurations to prevent unencrypted data transmission.
- Governance Enforcement:
  - Mandatory `description` tags for auditability and compliance.
  - Mandatory `operationId` for consistent SDK generation and Developer Experience (DX).
  - Mandatory
- CLI-Native: Designed for seamless integration into CI/CD pipelines.
- A developer opens a PR that includes an OpenAPI spec (YAML)
- GitHub Actions triggers the linter automatically
- The linter validates structure (OpenAPI 3.0 compliance), checks for insecure protocols (http instead of https), and enforces governance rules (required descriptions, operation IDs)
- If any check fails, the PR is blocked with a clear error message
- The developer fixes the issue and pushes again
The repo includes both a valid and invalid example spec (api_spec_valid.yaml and api_spec_invalid.yaml) so you can see exactly what passes and what gets flagged.
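To make the governance and security rules concrete, here is an added example (not the repository's own `linter.py`) that applies the same three checks the README describes to an already-parsed OpenAPI document: plain `http` server URLs, missing `description`, and missing `operationId`. It assumes a parsed dict such as PyYAML's `yaml.safe_load` would return, leaves structural validation to `openapi-spec-validator`, and goes one step beyond the page by also flagging duplicate `operationId` values, which break SDK generation just as missing ones do. The sample spec is constructed inline and is not one of the repo's example files.

```python
"""Governance and security checks of the kind the linter applies to a parsed OpenAPI 3.0 document."""
from typing import Any

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def audit_spec(spec: dict[str, Any]) -> list[str]:
    """Return a list of findings; an empty list means the spec passes the gate."""
    findings: list[str] = []

    # Security audit: every server URL must use https, never plain http.
    for i, server in enumerate(spec.get("servers", [])):
        url = str(server.get("url", ""))
        if url.lower().startswith("http://"):
            findings.append(f"servers[{i}]: insecure http URL {url!r}; use https")

    # Governance: each operation needs a description and a unique operationId.
    seen_ids: dict[str, str] = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as "parameters" or "summary"
            where = f"{method.upper()} {path}"
            if not str(op.get("description") or "").strip():
                findings.append(f"{where}: missing description")
            op_id = op.get("operationId")
            if not op_id:
                findings.append(f"{where}: missing operationId")
            elif op_id in seen_ids:
                findings.append(f"{where}: duplicate operationId {op_id!r} (also used by {seen_ids[op_id]})")
            else:
                seen_ids[op_id] = where
    return findings


# Constructed sample spec (hypothetical, not a repo file): one http server and one non-compliant operation.
SAMPLE_SPEC: dict[str, Any] = {
    "openapi": "3.0.0",
    "info": {"title": "Demo", "version": "1.0"},
    "servers": [{"url": "http://api.example.com/v1"}, {"url": "https://api.example.com/v1"}],
    "paths": {
        "/accounts": {
            "get": {"operationId": "listAccounts", "description": "List accounts.",
                    "responses": {"200": {"description": "ok"}}},
            "post": {"responses": {"201": {"description": "created"}}},
        }
    },
}

if __name__ == "__main__":
    for line in audit_spec(SAMPLE_SPEC) or ["PASS: no findings"]:
        print(line)
```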
- Language: Python 3.x
- Libraries: PyYAML, openapi-spec-validator
- Architecture: Modular CLI (argparse)
```bash
git clone https://github.com/iroussos25/prudential-linter.git
cd prudential-linter
pip install -r requirements.txt
python linter.py api_spec_valid.yaml    # should pass
python linter.py api_spec_invalid.yaml  # should fail with specific errors
```