# Track governance and security rule violations in the API definition
Postman supports API governance and API security rules for API specifications in [OpenAPI 3.1](/docs/api-governance/api-definition/openapi3/), [OpenAPI 3.0](/docs/api-governance/api-definition/openapi3/), and [OpenAPI 2.0](/docs/api-governance/api-definition/openapi2/) formats in both [API Builder](#check-rule-violations-in-the-api-builder) and [Spec Hub](#check-rule-violations-in-spec-hub).
**Rule customization**. [Enterprise teams](https://www.postman.com/pricing/) can also customize the rules that Postman applies to API specifications. For more information, see [Configure API governance rules](/docs/api-governance/configurable-rules/configuring-api-governance-rules/) and [Manage API security rules](/docs/api-governance/configurable-rules/configuring-api-security-rules/).
## Check rule violations in the API Builder
To check the governance and security rule violations in an API specification in [the API Builder](/docs/design-apis/api-builder/overview/), do the following:
1. Click **APIs** in the sidebar, and then select the API you want to review.
2. From the API overview page, in the **Definition** section, click **View files**.
You can also click **APIs** in the sidebar, then select the API specification file directly.
3. Click **Rule** to see the list of rule violations.
To learn more about how rule violations can help you create consistent and secure API specifications, see [Viewing rule violations in your API definition](/docs/design-apis/api-builder/develop-apis/validating-elements-against-schema/#viewing-rule-violations-in-your-api-definition).
## Check rule violations in Spec Hub
To check the governance rule violations in an API specification in [Spec Hub](/docs/design-apis/specifications/overview/), do the following:
1. Click **Specs** in the sidebar, and then select an API specification you want to review.
2. Below the specification editor, click **Governance** to view the list of rule violations.
To learn more, see [View rule violations in your specification](/docs/design-apis/specifications/validate-a-specification/#view-rule-violations-in-your-specification).
## Track governance and security rule violations in CI/CD
This feature is available with [Postman Enterprise plans](https://www.postman.com/pricing/).
You can configure your CI/CD pipeline to enforce the [API Governance and Security](/docs/api-governance/configurable-rules/configuring-api-governance-rules/) rules configured for your team every time the pipeline runs. To do this, generate a [Postman CLI](/docs/postman-cli/postman-cli-overview/) configuration. Then add the generated configuration to the CI/CD pipeline you're using, as described in [Configure the Postman CLI for CI](/docs/integrations/ci-integrations/#configure-the-postman-cli-for-ci).
To generate a Postman CLI configuration, do the following:
1. In the collection runner's **Functional** tab, select **Automate runs via CLI**.
2. Under **Run on CI/CD**, click **Configure command** to open the **Generate Postman CLI Configuration** tab.
3. From the dropdown menus, select your desired options.
4. If you haven't already saved a Postman API key as a secret environment variable, click **Generate API Key** and [save the key](/docs/developer/postman-api/authentication/#use-your-postman-api-key).
5. Click **Copy Postman CLI Command**. This generates and copies the command you'll need in the next step.
6. Paste the generated command into your CI/CD build configuration file.
7. When your CI/CD pipeline runs, it will run the command, thus checking for governance and security rule violations.
To see the results, go to the build run page and use the arrows to expand the desired build. Next, expand the API specification to see the build's results and any rule violations, if applicable.
## Next steps
For the list of all the rule violations that Postman might show at the API specification phase of development, see [OpenAPI 3 rules](/docs/api-governance/api-definition/openapi3/) and [OpenAPI 2 rules](/docs/api-governance/api-definition/openapi2/).