Based on https://docs.stoplight.io/docs/spectral/01baf06bdd05a-create-a-ruleset, the implemented rulesets ensure consistent quality and adherence to security guidelines across all APIs. This tool effectively standardizes API development, maintaining high standards for both performance and security uniformly across the API landscape.
You can find out exactly how they work and how you can create your own set of rules here.
Default
...
and
...
Custom Ruleset Management
In the configuration section under 'rulesets', the upper table displays the default rulesets. These include one provided by Spectral, which focuses on verifying compliance with OpenAPI standards, and another from OWASP, emphasizing security and best practices. This arrangement allows for a comprehensive approach to API validation, combining standard adherence with robust security measures.
...
You have the flexibility to create your own custom rulesets and define rules that cater specifically to your needs. Additionally, there is the option to extend or modify the existing default rulesets.
Rulesets explained
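A custom ruleset in Spectral's YAML format that extends both default rulesets, adjusts two inherited rules, and adds one new rule. This is an added example, not a ruleset shipped with the tool. It assumes the OWASP ruleset is referenced by its npm package name `@stoplight/spectral-owasp-ruleset`, and the rule name `servers-must-use-https` is hypothetical.

```yaml
# Added example: custom Spectral ruleset (e.g. saved as .spectral.yaml).
# Assumption: the OWASP ruleset is resolvable under its npm package name.
extends:
  - spectral:oas                          # OpenAPI compliance checks
  - "@stoplight/spectral-owasp-ruleset"   # OWASP security checks

rules:
  # Modify inherited rules: change the severity of one, switch one off.
  operation-description: warn
  operation-tags: "off"

  # Hypothetical custom rule: every declared server URL must use HTTPS.
  servers-must-use-https:
    description: Server URLs must use HTTPS so that API traffic is encrypted in transit.
    message: "Server URL {{value}} does not start with https://"
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        match: "^https://"
```

With the Spectral CLI, a ruleset file like this is applied with `spectral lint openapi.yaml --ruleset .spectral.yaml`, where `openapi.yaml` stands for the API description being checked.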
...
Rulesets can also be deactivated, and when this is done, they no longer impact the API score.
It's important to note that if there is any adjustment to a ruleset or a new ruleset is introduced, the APIs must undergo revalidation. This process ensures that the APIs are consistently evaluated against the most current set of rules and standards in place.