Track governance and security rule violations in the API definition

Postman supports API governance and API security rules for API definitions in OpenAPI 3.1, OpenAPI 3.0, and OpenAPI 2.0 format.

Rule customization. Enterprise teams with the API Builder add-on can also customize the rules that Postman applies to API definitions. For more information, see Configuring API governance rules and Configuring API security rules.

To check the governance and security rule violations in the API definition:

  1. Select APIs in the sidebar, and then select the API you want to review.

  2. From the API overview page, in the Definition section, select View files.

    You can also select APIs in the sidebar, then select the API definition file directly.

  3. Select Rule to see the list of rule violations.

    OpenAPI 3.0 rule violations

To learn more about how rule violations can help you create consistent and secure API definitions, see Viewing rule violations in your API definition.

Tracking governance and security rule violations in CI/CD

This feature is available on Postman Enterprise plans with the API Builder add-on.

You can configure your CI/CD pipelines to enforce the API Governance and API Security rules configured for your team with the help of the Postman CLI.

On the Postman CLI configuration page, select Run Governance and Security rules. This will generate the Postman CLI configuration. You can use this in your CI/CD configuration to enforce your API Governance and API Security rules each time the CI/CD pipeline runs.

Generate the Postman CLI configuration

To see the results, go to the build run page and use the arrows to expand the desired build. Next, expand the API definition to see the build’s results and any rule violations, if applicable.

Next steps

For the list of all the rule violations that Postman might show at the API definition phase of development, see OpenAPI 3 rules and OpenAPI 2 rules.

Last modified: 2022/07/20