{"id":15663615,"url":"https://github.com/kevinswiber/spego","last_synced_at":"2026-03-11T04:02:42.240Z","repository":{"id":139469142,"uuid":"553873824","full_name":"kevinswiber/spego","owner":"kevinswiber","description":"A set of policies for Open Policy Agent to validate OpenAPI definitions.","archived":false,"fork":false,"pushed_at":"2023-12-14T18:29:00.000Z","size":652,"stargazers_count":20,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-06T17:58:59.709Z","etag":null,"topics":["conftest","linter","opa","open-policy-agent","openapi"],"latest_commit_sha":null,"homepage":"","language":"Open Policy Agent","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kevinswiber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-10-18T22:59:29.000Z","updated_at":"2025-04-19T09:16:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"acfd306c-5827-41a7-8f35-3e26dc6cd02a","html_url":"https://github.com/kevinswiber/spego","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kevinswiber/spego","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevinswiber%2Fspego","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevinswiber%2Fspego/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevinswiber%2Fspego/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevinswiber%2Fspego/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kevinswiber","download_url":"https://codeload.github.com/kevinswiber/spego/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kevinswiber%2Fspego/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30370274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T21:41:54.280Z","status":"online","status_checked_at":"2026-03-11T02:00:07.027Z","response_time":84,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["conftest","linter","opa","open-policy-agent","openapi"],"created_at":"2024-10-03T13:38:54.733Z","updated_at":"2026-03-11T04:02:42.226Z","avatar_url":"https://github.com/kevinswiber.png","language":"Open Policy Agent","funding_links":[],"categories":[],"sub_categories":[],"readme":"# spego\n\n[![bundle](https://github.com/kevinswiber/spego/actions/workflows/test.yaml/badge.svg)](https://github.com/kevinswiber/spego/actions/workflows/test.yaml)\n\nA set of policies for Open Policy Agent to validate OpenAPI definitions.\n\n- Use `opa eval` to execute policies against OpenAPI documents\n- Built-in support for [Conftest](https://conftest.dev)\n- Based on the rules used by [Spectral](https://github.com/stoplightio/spectral).\n\n## Usage\n\nSpego may be used as an Open Policy Agent (OPA) bundle. First, be sure to follow the [instructions to install OPA](https://www.openpolicyagent.org/docs/latest/#1-download-opa).\n\n```sh\ngit clone git@github.com:kevinswiber/spego.git\nopa eval \\\n  --bundle ./spego/src \\\n  --format pretty \\\n  --input ./spego/example/inputs/openapi.json \\\n  \"data.openapi.main.results\"\n```\n\nSpego can also be used with Conftest. First, be sure to follow the [instructions to download Conftest](https://www.conftest.dev/install/).\n\n```sh\nconftest pull git::https://github.com/kevinswiber/spego//src\nconftest test -n \"openapi.main\" ./openapi.json\n```\n\nNote: Policy execution can be configured by adding a data file named `data.openapi.ruleset` as defined in the [Configuration](#configuration) section.\n\n## Configuration\n\n- Supports a subset of Spectral custom rulesets, including [Changing Rule Severity](https://meta.stoplight.io/docs/spectral/e5b9616d6d50c-custom-rulesets#changing-rule-severity), [Recommended or All](https://meta.stoplight.io/docs/spectral/e5b9616d6d50c-custom-rulesets#recommended-or-all), [Disabling Rules](https://meta.stoplight.io/docs/spectral/e5b9616d6d50c-custom-rulesets#disabling-rules), and [Enabling Rules](https://meta.stoplight.io/docs/spectral/e5b9616d6d50c-custom-rulesets#enabling-rules).\n- Included as data in Open Policy Agent, under `data.openapi.ruleset`.\n- Configuration is optional. The recommended policies are executed by default.\n\n### Example configuration\n\n```yaml\nopenapi:\n  ruleset:\n    extends: [['spego:oas', 'recommended']]\n    rules:\n      operation-success-response: error\n      openapi-tags: true\n```\n\n## Policies (Rules)\n\n### contact-properties\n\nContact object must have \"name\", \"url\" and \"email\".\n\n### duplicated-entry-in-enum\n\nRecommended: true\n\nEnum values must not have duplicate entry.\n\n### info-contact\n\nRecommended: true\n\nInfo object must have \"contact\" object.\n\n### info-description\n\nRecommended: true\n\nInfo \"description\" must be present and non-empty string.\n\n### info-license\n\nInfo object must have \"license\" object.\n\n### license-url\n\nLicense object must include \"url\".\n\n### no-eval-in-markdown\n\nRecommended: true\n\nMarkdown descriptions must not have \"eval(\".\n\n### no-script-tags-in-markdown\n\nRecommended: true\n\nMarkdown descriptions must not have \"\u003cscript\u003e\" tags.\n\n### openapi-tags-uniqueness\n\nRecommended: true\n\nEach tag must have a unique name.\n\n### openapi-tags\n\nOpenAPI object must have non-empty \"tags\" array.\n\n### operation-description\n\nRecommended: true\n\nOperation \"description\" must be present and non-empty string.\n\n### operation-operationId-unique\n\nRecommended: true\n\nEvery operation must have unique \"operationId\".\n\n### operation-operationId-valid-in-url\n\nRecommended: true\n\noperationId must not have characters that are invalid when used in URL.\n\n### operation-operationId\n\nRecommended: true\n\nOperation must have \"operationId\".\n\n### operation-parameters\n\nRecommended: true\n\nOperation parameters are unique and non-repeating.\n\n### operation-singular-tag\n\nOperation must not have more than a singular tag.\n\n### operation-success-response\n\nRecommended: true\n\nOperation must have at least one \"2xx\" or \"3xx\" response.\n\n### operation-tag-defined\n\nRecommended: true\n\nOperation tags must be defined in global tags.\n\n### operation-tags\n\nRecommended: true\n\nOperation must have non-empty \"tags\" array.\n\n### path-declarations-must-exist\n\nRecommended: true\n\nPath parameter declarations must not be empty, ex.\"/given/{}\" is invalid.\n\n### path-keys-no-trailing-slash\n\nRecommended: true\n\nPath must not end with slash.\n\n### path-not-include-query\n\nRecommended: true\n\nPath must not include query string.\n\n### path-params\n\nRecommended: true\n\nPath parameters must be defined and valid.\n\n### tag-description\n\nTag object must have \"description\".\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkevinswiber%2Fspego","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkevinswiber%2Fspego","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkevinswiber%2Fspego/lists"}