Track governance and security rule violations in the API specification
Postman supports API governance and API security rules for API specifications in OpenAPI 3.1, OpenAPI 3.0, and OpenAPI 2.0 formats in Spec Hub.
Rule customization. Enterprise teams can also customize the rules that Postman applies to API specifications. For more information, see Configure API governance rules.
Check rule violations in Spec Hub
To check the governance rule violations in an API specification in Spec Hub, do the following:
- Expand Specs in the sidebar, and then select an API specification you want to review.
- Below the specification editor, click Governance to view the list of rule violations.
To learn more, see View rule violations in your specification.
Track governance and security rule violations in CI/CD
This feature is available with Postman Enterprise plans.
You can configure your CI/CD pipeline to enforce the API Governance and Security rules configured for your team every time the pipeline runs. To do this, generate a Postman CLI configuration. Then add the generated configuration to the CI/CD pipeline you’re using, as described in Configure the Postman CLI for CI.
To generate a Postman CLI configuration, do the following:
- In the collection runner’s Functional tab, select Automate runs via CLI.
- Under Run on CI/CD, click Configure command to open the Generate Postman CLI Configuration tab.
- From the dropdown menus, select your desired options.
- If you haven’t already saved a Postman API key as a secret environment variable, click Generate API Key and save the key.
- Click Copy Postman CLI Command. This generates and copies the command you’ll need in the next step.
- Paste the generated command into your CI/CD build configuration file.
- When your CI/CD pipeline runs, it will run the command and check for governance and security rule violations.
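A guard for the API key and paste steps above, as an added example that is not part of Postman's documentation: it fails a build file that carries a literal Postman API key and passes one whose login step reads the key from a secret variable. The `PMAK-` key prefix pattern, the sample file names and the `POSTMAN_API_KEY` variable name are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: gate for a CI build file that holds the pasted Postman CLI command.
# Assumption: Postman API keys start with "PMAK-"; the pattern is deliberately loose.
KEY_PATTERN='PMAK-[0-9A-Za-z]+-[0-9A-Za-z]+'

# Print the line number of every line that contains a literal key; return 1 if any.
find_inline_postman_keys() {
    hits=$(grep -nE -e "$KEY_PATTERN" "$1" | cut -d: -f1)
    [ -z "$hits" ] && return 0
    echo $hits   # unquoted on purpose: joins several line numbers with spaces
    return 1
}

# Return 0 when `postman login --with-api-key` is given a variable reference,
# e.g. "$POSTMAN_API_KEY" or ${{ secrets.POSTMAN_API_KEY }}.
login_uses_secret_variable() {
    grep -Eq -e '--with-api-key[ =]+"?[$][{]*[ ]*[A-Za-z_]' "$1"
}

# Pass only if no literal key is present and the login step reads a variable.
check_ci_file() {
    if lines=$(find_inline_postman_keys "$1") && login_uses_secret_variable "$1"; then
        echo "$1: ok"
        return 0
    fi
    echo "$1: FAIL (literal key on line(s): ${lines:-none}; login must read a secret variable)"
    return 1
}

# Constructed sample build files (hypothetical names; the key is all zeros, not real).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/bad.yml" <<'EOF'
steps:
  - run: postman login --with-api-key PMAK-000000000000000000000000-0000000000000000000000000000000000
  - run: echo "generated Postman CLI command goes here"
EOF
cat > "$SAMPLE_DIR/good.yml" <<'EOF'
steps:
  - run: postman login --with-api-key "$POSTMAN_API_KEY"
  - run: echo "generated Postman CLI command goes here"
EOF

check_ci_file "$SAMPLE_DIR/bad.yml" || true
check_ci_file "$SAMPLE_DIR/good.yml"
```

Run `check_ci_file` against your own build configuration file before the step that invokes the generated command, so a key pasted inline stops the pipeline instead of landing in build logs or version control.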
Next steps
For the list of all the rule violations that Postman might show at the API specification phase of development, see OpenAPI 3 rules and OpenAPI 2 rules.