Track governance and security rule violations in the API definition

Postman supports API governance and API security rules for API specifications in OpenAPI 3.1, OpenAPI 3.0, and OpenAPI 2.0 formats in both API Builder and Spec Hub.

Rule customization. Enterprise teams can also customize the rules that Postman applies to API specifications. For more information, see Configure API governance rules and Manage API security rules.

Check rule violations in the API Builder

To check the governance and security rule violations in an API specification in the API Builder, do the following:

  1. Click APIs in the sidebar, and then select the API you want to review.

  2. From the API overview page, in the Definition section, click View files.

    You can also click APIs in the sidebar, then select the API specification file directly.

  3. Click Rule to see the list of rule violations.

OpenAPI 3.0 rule violations in API Builder

To learn more about how rule violations can help you create consistent and secure API specifications, see Viewing rule violations in your API definition.

Check rule violations in Spec Hub

To check the governance rule violations in an API specification in Spec Hub, do the following:

  1. Click Specs in the sidebar, and then select an API specification you want to review.
  2. Below the specification editor, click Governance to view the list of rule violations.

OpenAPI 3.0 rule violations in Spec Hub

To learn more, see View rule violations in your specification.

Track governance and security rule violations in CI/CD

This feature is available with Postman Enterprise plans.

You can configure your CI/CD pipeline to enforce the API Governance and Security rules configured for your team every time the pipeline runs. To do this, generate a Postman CLI configuration. Then add the generated configuration to the CI/CD pipeline you’re using, as described in Configure the Postman CLI for CI.

To generate a Postman CLI configuration, do the following:

  1. In the collection runner’s Functional tab, select Automate runs via CLI.

  2. Under Run on CI/CD, click Configure command to open the Generate Postman CLI Configuration tab.

  3. From the dropdown menus, select your desired options.

  4. If you haven’t already saved a Postman API key as a secret environment variable, click Generate API Key and save the key.

  5. Click Copy Postman CLI Command. This generates and copies the command you’ll need in the next step.

    Generate the Postman CLI configuration

  6. Paste the generated command into your CI/CD build configuration file.

  7. When your CI/CD pipeline runs, it will run the command, thus checking for governance and security rule violations.

To see the results, go to the build run page and use the arrows to expand the desired build. Next, expand the API specification to see the build’s results and any rule violations, if applicable.

Next steps

For the list of all the rule violations that Postman might show at the API specification phase of development, see OpenAPI 3 rules and OpenAPI 2 rules.

Last modified: 2024/07/01

Postmanaut illustration for Administer Postman section.

Additional resources

Explore ready-to-use Collection Templates, build API-first workflows with Postman Flows, and more!

Collection Templates

Integration testing
REST API basics
API documentation
Authorization methods

Flows Templates

Add HubSpot contacts to Mailchimp lists
Create Airtable records from new deals in HubSpot
Create or update HubSpot contacts from customers on Stripe
Search Zendesk for tickets with Tag using Create with AI

AI Agent Templates

GitHub Issue Prioritization Agent
YouTube Community Moderation Agent
Customer Ticket Triage Agent
Incident Management Agent