{"id":14986451,"url":"https://github.com/oai/openapi-specification","last_synced_at":"2025-09-09T20:25:46.225Z","repository":{"id":14654512,"uuid":"17372733","full_name":"OAI/OpenAPI-Specification","owner":"OAI","description":"The OpenAPI Specification Repository","archived":false,"fork":false,"pushed_at":"2025-09-09T06:54:30.000Z","size":8262,"stargazers_count":30180,"open_issues_count":151,"forks_count":9138,"subscribers_count":852,"default_branch":"main","last_synced_at":"2025-09-09T09:22:38.502Z","etag":null,"topics":["apis","oas","openapi","openapi-specification","rest","webapi"],"latest_commit_sha":null,"homepage":"https://openapis.org","language":"Markdown","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OAI.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY_CONSIDERATIONS.md","support":null,"governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2014-03-03T16:53:36.000Z","updated_at":"2025-09-09T09:15:42.000Z","dependencies_parsed_at":"2023-12-07T19:29:16.362Z","dependency_job_id":"bc1d447e-0e4e-4314-b2e6-940e406c99e1","html_url":"https://github.com/OAI/OpenAPI-Specification","commit_stats":{"total_commits":1540,"total_committers":255,"mean_commits":6.03921568627451,"dds":0.827922077922078,"last_synced_commit":"c4b19a025994244c04e44982955ad5464ce7341f"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/OAI/OpenAPI-Specification","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OAI%2FOpenAPI-Specification","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OAI%2FOpenAPI-Specification/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OAI%2FOpenAPI-Specification/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OAI%2FOpenAPI-Specification/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OAI","download_url":"https://codeload.github.com/OAI/OpenAPI-Specification/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OAI%2FOpenAPI-Specification/sbom","scorecard":{"id":28353,"data":{"date":"2025-08-11","repo":{"name":"github.com/OAI/OpenAPI-Specification","commit":"139c3e5a60d50b2bde06078676a7425d9ca54f9f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.9,"checks":[{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: topLevel 'contents' permission set to 'read': .github/workflows/agenda.yaml:19","Warn: no topLevel permission defined: .github/workflows/check-restricted-files.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/inactive-issues.yml:10","Warn: no topLevel permission defined: .github/workflows/respec.yaml:1","Warn: no topLevel permission defined: .github/workflows/schema-publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/schema-tests.yaml:1","Warn: no topLevel permission defined: .github/workflows/sync-dev-to-vX.Y-dev.yaml:1","Warn: no topLevel permission defined: .github/workflows/sync-main-to-dev.yaml:1","Warn: no topLevel permission defined: .github/workflows/validate-markdown.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/check-restricted-files.yaml:20","Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/check-restricted-files.yaml:20","Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/check-restricted-files.yaml:20","Warn: script injection with untrusted input ' github.event.pull_request.head.ref ': .github/workflows/check-restricted-files.yaml:20"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/agenda.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/agenda.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/inactive-issues.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/inactive-issues.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/respec.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/respec.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/respec.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/respec.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/respec.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/respec.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/respec.yaml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/respec.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-publish.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-publish.yaml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-publish.yaml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/schema-publish.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-tests.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/schema-tests.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/schema-tests.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-dev-to-vX.Y-dev.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/sync-dev-to-vX.Y-dev.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-dev-to-vX.Y-dev.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/sync-dev-to-vX.Y-dev.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-main-to-dev.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/sync-main-to-dev.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sync-main-to-dev.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/sync-main-to-dev.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-markdown.yaml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/validate-markdown.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validate-markdown.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/OAI/OpenAPI-Specification/validate-markdown.yaml/main?enable=pin","Info:   0 out of  16 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   3 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Info: codeowner review is required on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-14T18:27:13.620Z","repository_id":14654512,"created_at":"2025-08-14T18:27:13.620Z","updated_at":"2025-08-14T18:27:13.620Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274357587,"owners_count":25270675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apis","oas","openapi","openapi-specification","rest","webapi"],"created_at":"2024-09-24T14:12:53.669Z","updated_at":"2025-09-09T20:25:46.216Z","avatar_url":"https://github.com/OAI.png","language":"Markdown","readme":"# The OpenAPI Specification\n\n![Build Status](https://github.com/OAI/OpenAPI-Specification/workflows/validate-markdown/badge.svg) [![Issue triagers](https://www.codetriage.com/oai/openapi-specification/badges/users.svg)](https://www.codetriage.com/oai/openapi-specification)\n\n![OpenAPI logo](https://avatars3.githubusercontent.com/u/16343502?v=3\u0026s=200)\n\n\nThe OpenAPI Specification is a community-driven open specification within the [OpenAPI Initiative](https://www.openapis.org/), a Linux Foundation Collaborative Project.\n\nThe OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs. This allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service.\n\nUse cases for machine-readable API definition documents include, but are not limited to: interactive documentation; code generation for documentation, clients, and servers; and automation of test cases. OpenAPI documents describe API services and are represented in YAML or JSON formats. These documents may be produced and served statically or generated dynamically from an application.\n\nThe OpenAPI Specification does not require rewriting existing APIs. It does not require binding any software to a service – the described service may not even be owned by the creator of its description. It does, however, require that the service's capabilities be described in the structure of the OpenAPI Specification. Not all services can be described by OpenAPI – this specification is not intended to cover every possible style of HTTP APIs, but does include support for [REST APIs](https://en.wikipedia.org/wiki/Representational_state_transfer). The OpenAPI Specification does not mandate a specific development process such as design-first or code-first. It does facilitate either technique by establishing clear interactions with an HTTP API.\n\nThis GitHub project is the starting point for OpenAPI. Here you will find the information you need about the OpenAPI Specification, simple examples of what it looks like, and some general information regarding the project.\n\n## Versions\n\nThis repository contains [the Markdown sources](versions) for [all published OpenAPI Specification versions](https://spec.openapis.org/). For release notes and release candidate versions, refer to the [releases page](https://github.com/OAI/OpenAPI-Specification/releases).\n\n## See It in Action\n\nIf you just want to see it work, check out the [list of current examples](https://learn.openapis.org/examples/).\n\n## Tools and Libraries\n\nLooking to see how you can create your own OpenAPI definition, present it, or otherwise use it? Check out the growing\n[list of implementations](IMPLEMENTATIONS.md).\n\n## Participation\n\nThe current process for developing the OpenAPI Specification is described in\nthe [Contributing Guidelines](CONTRIBUTING.md).\n\nDeveloping the next version of the OpenAPI Specification is guided by the [Technical Steering Committee (TSC)](https://www.openapis.org/participate/how-to-contribute/governance#TDC). This group of committers bring their API expertise, incorporate feedback from the community, and expand the group of committers as appropriate. All development activity on the future specification will be performed as features and merged into this branch. Upon release of the future specification, this branch will be merged to `main`.\n\nThe TSC holds weekly web conferences to review open pull requests and discuss open issues related to the evolving OpenAPI Specification. Participation in weekly calls and scheduled working sessions is open to the community. You can view the entire OpenAPI [technical meeting calendar](https://calendar.google.com/calendar/u/0/embed?src=c_fue82vsncog6ahhjvuokjo8qsk@group.calendar.google.com) online.\n\nThe OpenAPI Initiative encourages participation from individuals and companies alike. If you want to participate in the evolution of the OpenAPI Specification, consider taking the following actions:\n\n* Review the specification [markdown sources](versions) and [authoritative _source-of-truth_ HTML renderings](https://spec.openapis.org/), including full credits and citations.\n* Review the [contributing](CONTRIBUTING.md) process so you understand how the spec is evolving.\n* Check the [discussions](https://github.com/OAI/OpenAPI-Specification/discussions), [issues](https://github.com/OAI/OpenAPI-Specification/issues) and [pull requests](https://github.com/OAI/OpenAPI-Specification/pulls) to see if someone has already documented your idea or feedback on the specification. You can follow an existing conversation by subscribing to the existing issue or PR.\n* Subscribe to an open issue a day (or a week) in your inbox via [CodeTriage.com](https://www.codetriage.com/oai/openapi-specification).\n* Create a discussion to describe a new concern, ideally with clear explanations of related use cases.\n\nNot all feedback can be accommodated, and there may be solid arguments for or against a change being appropriate for the specification.\n\n## Licensing\n\nSee: [License (Apache-2.0)](https://github.com/OAI/OpenAPI-Specification/blob/main/LICENSE)\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foai%2Fopenapi-specification","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foai%2Fopenapi-specification","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foai%2Fopenapi-specification/lists"}