{"id":20324596,"url":"https://github.com/netascode/nac-validate","last_synced_at":"2026-03-06T17:03:56.455Z","repository":{"id":48967259,"uuid":"499431601","full_name":"netascode/nac-validate","owner":"netascode","description":"A CLI tool to perform syntactic and semantic validation of YAML files.","archived":false,"fork":false,"pushed_at":"2026-02-18T09:08:36.000Z","size":808,"stargazers_count":19,"open_issues_count":4,"forks_count":15,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-02-20T17:12:22.136Z","etag":null,"topics":["iac","nac","netascode","semantic","syntactic","validation","yaml"],"latest_commit_sha":null,"homepage":"https://github.com/netascode/nac-validate","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netascode.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-06-03T08:11:26.000Z","updated_at":"2026-02-18T09:07:36.000Z","dependencies_parsed_at":"2023-11-07T07:28:07.698Z","dependency_job_id":"7c610fcc-ac73-4f03-9bc9-e5161621aa76","html_url":"https://github.com/netascode/nac-validate","commit_stats":null,"previous_names":["netascode/nac-validate","netascode/iac-validate"],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/netascode/nac-validate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netascode%2Fnac-validate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netascode%2Fnac-validate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netascode%2Fnac-validate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netascode%2Fnac-validate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netascode","download_url":"https://codeload.github.com/netascode/nac-validate/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netascode%2Fnac-validate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30186780,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T14:42:24.748Z","status":"ssl_error","status_checked_at":"2026-03-06T14:42:14.925Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iac","nac","netascode","semantic","syntactic","validation","yaml"],"created_at":"2024-11-14T19:34:38.492Z","updated_at":"2026-03-06T17:03:56.412Z","avatar_url":"https://github.com/netascode.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Tests](https://github.com/netascode/nac-validate/actions/workflows/test.yml/badge.svg)](https://github.com/netascode/nac-validate/actions/workflows/test.yml)\n![Python Support](https://img.shields.io/badge/python-3.10%20%7C%203.11%20%7C%203.12%20%7C%203.13-informational \"Python Support: 3.10, 3.11, 3.12, 3.13\")\n\n# nac-validate\n\nA CLI tool to perform syntactic and semantic validation of YAML files.\n\n```\n$ nac-validate --help\n\nUsage: nac-validate [OPTIONS] PATHS...\n\nA CLI tool to perform syntactic and semantic validation of YAML files.\n\nArguments:\n  PATHS...  List of paths pointing to YAML files or directories [required]\n\nOptions:\n  -v, --verbosity [DEBUG|INFO|WARNING|ERROR|CRITICAL]\n                        Verbosity level [env: NAC_VALIDATE_VERBOSITY] [default: WARNING]\n  -s, --schema FILE     Path to schema file [env: NAC_VALIDATE_SCHEMA] [default: .schema.yaml]\n  -r, --rules DIRECTORY Path to directory with semantic validation rules \n                        [env: NAC_VALIDATE_RULES] [default: .rules]\n  -o, --output FILE     Write merged content from YAML files to a new YAML file\n                        [env: NAC_VALIDATE_OUTPUT]\n  --non-strict          Accept unexpected elements in YAML files\n                        [env: NAC_VALIDATE_NON_STRICT]\n  --version             Display version number\n  --help                Show this message and exit\n```\n\nSyntactic validation is done by basic YAML syntax validation (e.g., indentation) and by providing a [Yamale](https://github.com/23andMe/Yamale) schema and validating all YAML files against that schema. Semantic validation is done by providing a set of rules (implemented in Python) which are then validated against the YAML data. Every rule is implemented as a Python class and should be placed in a `.py` file located in the `--rules` path.\n\nEach `.py` file must have a single class named `Rule`. This class must have the following attributes: `id`, `description` and `severity`. It must implement a `classmethod()` named `match` that has a single function argument `data` which is the data read from all YAML files. It can optionally also have a second argument `schema` which would then provide the `Yamale` schema. It should return a list of strings, one for each rule violation with a descriptive message. A sample rule can be found below.\n\n```python\nclass Rule:\n    id = \"101\"\n    description = \"Verify child naming restrictions\"\n    severity = \"HIGH\"\n\n    @classmethod\n    def match(cls, data):\n        results = []\n        try:\n            for child in data[\"root\"][\"children\"]:\n                if child[\"name\"] == \"FORBIDDEN\":\n                    results.append(\"root.children.name\" + \" - \" + str(child[\"name\"]))\n        except KeyError:\n            pass\n        return results\n```\n\n## Installation\n\nPython 3.10+ is required to install `nac-validate`. Don't have Python 3.10 or later? See [Python 3 Installation \u0026 Setup Guide](https://realpython.com/installing-python/).\n\n`nac-validate` can be installed in a virtual environment using `pip` or `uv`:\n\n```bash\n# Using pip\npip install nac-validate\n\n# Using uv (recommended)\nuv tools install nac-validate\n```\n\n## Pre-Commit Hook\n\nThe tool can be integrated via a [pre-commit](https://pre-commit.com/) hook with the following config (`.pre-commit-config.yaml`), assuming the default values (`.schema.yaml`, `.rules/`) are appropriate:\n\n```\nrepos:\n  - repo: https://github.com/netascode/nac-validate\n    rev: v1.0.0\n    hooks:\n      - id: nac-validate\n```\n\nIn case the schema or validation rules are located somewhere else the required CLI arguments can be added like this:\n\n```\nrepos:\n  - repo: https://github.com/netascode/nac-validate\n    rev: v1.0.0\n    hooks:\n      - id: nac-validate\n        args:\n          - '-s'\n          - 'my_schema.yaml'\n          - '-r'\n          - 'rules/'\n```\n\n## Ansible Vault Support\n\nValues can be encrypted using [Ansible Vault](https://docs.ansible.com/ansible/latest/user_guide/vault.html). This requires Ansible (`ansible-vault` command) to be installed and the following two environment variables to be defined:\n\n```\nexport ANSIBLE_VAULT_ID=dev\nexport ANSIBLE_VAULT_PASSWORD=Password123\n```\n\n`ANSIBLE_VAULT_ID` is optional, and if not defined will be omitted.\n\n## Additional Tags\n\n### Reading Environment Variables\n\nThe `!env` YAML tag can be used to read values from environment variables.\n\n```yaml\nroot:\n  name: !env VAR_NAME\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetascode%2Fnac-validate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetascode%2Fnac-validate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetascode%2Fnac-validate/lists"}