TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
The Open Format Movement Heats Up: Snowflake Embraces Apache Iceberg
Apr 8th 2025 6:00am, by Jelani Harper
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
CNCF Reveals New Certifications and Expanded Job Opportunities
Apr 4th 2025 2:00pm, by Steven J. Vaughan-Nichols
Why IT Belongs at the Edge
Apr 16th 2025 1:00pm, by Vicki Walker
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by Advait Patel
Legacy to Cloud: Accelerate Modernization via Containers
Apr 10th 2025 10:00am, by Bhushan Nemade
The Super Helm Chart: To Deploy or Not To Deploy?
Apr 8th 2025 6:00am, by Utku Darılmaz
Automate Container Security Audits With Docker Scout and Python 
Apr 5th 2025 9:00am, by Advait Patel
Real-Time Read-Heavy Database Workloads: Considerations and Tips
Apr 17th 2025 9:00am, by Felipe Cardeneti Mendes
MongoDB Finds AI Can Help With Legacy System Migration
Apr 17th 2025 8:00am, by Joab Jackson
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
AI Data Dilemma: Balancing Innovation with Ironclad Governance
Apr 8th 2025 11:00am, by Artin Avanes
Why Use a NoSQL Database for AI? There Are Many Great Reasons
Apr 8th 2025 8:00am, by Tim Rottach
Why IT Belongs at the Edge
Apr 16th 2025 1:00pm, by Vicki Walker
AI at the Edge: Federated Learning for Greater Performance
Apr 16th 2025 8:00am, by Charles Humble
Should You Care About Fermyon Wasm Functions on Akamai?
Mar 28th 2025 1:00pm, by B. Cameron Gain
Are Edge Computing and Cloud Computing in Competition?
Mar 27th 2025 6:00am, by Meredith Shubel
Edge Data Centers Offer Benefits for Remote Industrial Apps
Mar 26th 2025 8:00am, by Meredith Shubel
Why Most IaC Strategies Still Fail — And How To Fix Them
Apr 16th 2025 3:00pm, by Gal Gibli
Tackle IaC Tooling Complexity and Growing Cloud Costs in 2025
Apr 11th 2025 11:00am, by Ido Neeman
IT Leaders Brace for Tariff Fallout on Infrastructure and Cloud Costs
Mar 26th 2025 10:00am, by Krishna Subramanian
How To Select the Best Cloud Model for Your AI Strategy
Mar 25th 2025 1:00pm, by Abu Hassan Peer
Why FinOps Belongs in Your CI/CD Workflow
Mar 25th 2025 5:00am, by Amit Liberman
Kelsey Hightower on Nix vs. Docker: Is There a Different Way?
Apr 16th 2025 7:00am, by David Cassel
Linux: Five Easy Ways To Secure Any Distribution
Apr 13th 2025 8:00am, by Jack Wallen
Unsure How To Schedule With Cron on Linux? Try One of These GUIs
Apr 12th 2025 6:00am, by Jack Wallen
How To Develop on a Linux Desktop With an Easy-To-Use VM
Apr 10th 2025 6:00am, by Jack Wallen
Rust, Linux and Cloud Native Computing
Apr 7th 2025 8:00am, by Steven J. Vaughan-Nichols
Scale Microservices Testing Without Duplicating Environments
Apr 15th 2025 9:00am, by Arjun Iyer
What Agentic Workflows Mean to Microservices Developers
Apr 3rd 2025 4:00pm, by Janakiram MSV
Sandbox Testing: The DevEx Game-Changer for Microservices
Mar 27th 2025 7:11am, by Arjun Iyer
Testing Microservices: Message Isolation for Kafka, SQS, More
Mar 20th 2025 7:09am, by Arjun Iyer
The Million-Dollar Problem of Slow Microservices Testing
Mar 6th 2025 8:05am, by Arjun Iyer
Harness Kubernetes Costs With OpenCost
Apr 16th 2025 10:00am, by Ram Iyengar
Kelsey Hightower on Nix vs. Docker: Is There a Different Way?
Apr 16th 2025 7:00am, by David Cassel
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
OpenSearch: What’s Next for the Search and Analytics Suite?
Apr 10th 2025 9:00am, by Michelle Gienow
Five Years In, Backstage Is Just Getting Started
Apr 7th 2025 2:00pm, by Jennifer Riggins
Dave Taht, Who Sped Up Networks More Than You'll Ever Know, Has Died
Apr 4th 2025 11:00am, by Steven J. Vaughan-Nichols
KubeCon Europe: Kgateway Aims To Be the Kubernetes Onramp
Apr 3rd 2025 7:00am, by Joab Jackson
KubeCon Europe: Aviatrix's Enterprise Firewall for Kubernetes
Mar 24th 2025 5:00am, by Joab Jackson
NVIDIA Unveils Next-Gen Rubin and Feynman Architectures, Pushing AI Power Limits
Mar 19th 2025 3:00pm, by Adrian Cockcroft
2.8 Million Reasons Why You Can’t Trust Your VPN
Mar 17th 2025 9:00am, by Nick Taylor
Real-Time Read-Heavy Database Workloads: Considerations and Tips
Apr 17th 2025 9:00am, by Felipe Cardeneti Mendes
Fivetran Brings Data Lake Interoperability to Google Cloud
Apr 10th 2025 6:45am, by Charles Humble
The Open Format Movement Heats Up: Snowflake Embraces Apache Iceberg
Apr 8th 2025 6:00am, by Jelani Harper
Don’t Let Storage Slow Down DevOps
Apr 3rd 2025 2:00pm, by Carol Platz
Changed Block Tracking Is Here for Kubernetes Resilience
Mar 24th 2025 8:30am, by Mark Lavi
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
MongoDB Finds AI Can Help With Legacy System Migration
Apr 17th 2025 8:00am, by
GitLab's Duo Assistant With Amazon Q Is Now Generally Available
Apr 17th 2025 6:00am, by
Move Beyond Chatbots, Plus 5 Other Lessons for AI Developers
Apr 16th 2025 12:00pm, by
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
AI at the Edge: Federated Learning for Greater Performance
Apr 16th 2025 8:00am, by
Vibing Dangerously: The Hidden Risks of AI-Generated Code
Apr 16th 2025 11:00am, by
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
Seven Habits of Highly Effective AI Coding
Apr 16th 2025 6:00am, by
Code in Your Native Tongue: Amazon Q Developer Goes Global
Apr 10th 2025 5:00pm, by
Ironwood: Google's Answer to Nvidia in the AI Chip Wars
Apr 9th 2025 10:00am, by
Case Study: AI Agent Cuts API Connector Dev Time to Minutes
Apr 15th 2025 2:00pm, by
Use API Governance Tools for Better API Experiences
Apr 11th 2025 2:00pm, by
OpenAPI: How to Handle File Management
Apr 8th 2025 9:00am, by
Future of Platform Engineering Is About Much More Than AI
Apr 3rd 2025 12:00pm, by
DeepSource Releases Globstar Amid Semgrep Licensing Backlash
Apr 2nd 2025 5:00pm, by
JavaScript's Missing Link: Wasp Offers Full Stack Solution
Mar 26th 2025 2:00pm, by
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by
Apollo: GraphQL Now Connects to REST APIs With Little Fuss
Mar 11th 2025 7:30am, by
Introduction to Backend Development
Mar 10th 2025 12:30pm, by
Laravel Adds Inertia To Stack and Offers React Starter Kit
Mar 4th 2025 10:00am, by
Year of AI Utility: Moving From Early Wins to Long-Term Value
Apr 15th 2025 8:05am, by
What Devs Should Know When Starting an Apache Kafka Journey
Apr 15th 2025 6:00am, by
Formula 1: Engineering When Every Millisecond Counts
Apr 11th 2025 9:24am, by
From BI to Predictive AI: Why Analysts Are the Heroes of the Next Data Frontier
Apr 10th 2025 11:00am, by
OpenSearch: What’s Next for the Search and Analytics Suite?
Apr 10th 2025 9:00am, by
Move Beyond Chatbots, Plus 5 Other Lessons for AI Developers
Apr 16th 2025 12:00pm, by
Frontend Gets Smarter: AI's JavaScript Revolution
Apr 15th 2025 11:00am, by
Internal Projects: Working Inside the Panopticon
Apr 12th 2025 8:00am, by
New Laravel-Related Offerings Include Octane Alternative
Apr 12th 2025 5:00am, by
Three AI-Assisted Development Skills You Can Start Using Today
Apr 9th 2025 2:00pm, by
Build Scalable LLM Apps With Kubernetes: A Step-by-Step Guide
Apr 14th 2025 6:00am, by
Breakthrough: LLM Traces Outputs to Specific Training Data
Apr 9th 2025 8:30am, by
Agentic AI Is the Next Frontier in Enterprise Operations
Apr 8th 2025 10:00am, by
KubeCon Europe: How Kubernetes Handles 6G, LLMs and Deep Space
Apr 7th 2025 10:00am, by
Adopt World Models Today or Fall Behind Tomorrow
Apr 4th 2025 12:00pm, by
Vibing Dangerously: The Hidden Risks of AI-Generated Code
Apr 16th 2025 11:00am, by
Slopsquatting: The Newest Threat to Your AI-Generated Code
Apr 16th 2025 9:00am, by
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by
Agentic Access Is Here. Your Authorization Model Is Probably Broken.
Apr 15th 2025 1:00pm, by
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by
Math-Phobic Coders, Rejoice: Python Does the Hard Work
Apr 16th 2025 5:00pm, by
Move Beyond Chatbots, Plus 5 Other Lessons for AI Developers
Apr 16th 2025 12:00pm, by
Vibing Dangerously: The Hidden Risks of AI-Generated Code
Apr 16th 2025 11:00am, by
Case Study: AI Agent Cuts API Connector Dev Time to Minutes
Apr 15th 2025 2:00pm, by
Four New Areas Where AI Is Transforming Software Development
Apr 14th 2025 11:00am, by
Hyperlight Wasm: Azure Goes the Final Wasi Mile
Apr 3rd 2025 9:00am, by
Endor: WebAssembly-Based Server in the Browser
Mar 29th 2025 1:00pm, by
Should You Care About Fermyon Wasm Functions on Akamai?
Mar 28th 2025 1:00pm, by
Akamai Picks Up Hosting for Kernel.org
Mar 27th 2025 10:00am, by
Top 5 Uses of WebAssembly for Web Developers
Feb 16th 2025 7:00am, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
GitLab's Duo Assistant With Amazon Q Is Now Generally Available
Apr 17th 2025 6:00am, by Frederic Lardinois
Year of AI Utility: Moving From Early Wins to Long-Term Value
Apr 15th 2025 8:05am, by Baris Gultekin
Four New Areas Where AI Is Transforming Software Development
Apr 14th 2025 11:00am, by Emilio Salvador
Agentic AI Is the Next Frontier in Enterprise Operations
Apr 8th 2025 10:00am, by Guo Wei
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
Optimizing the 90%: Where Dev Time Really Gets Stuck
Apr 17th 2025 7:00am, by Sooraj Shah
Build a Real-Time Bidding System With Next.js and Stream
Apr 16th 2025 2:00pm, by Jeroen Leenarts
Seven Habits of Highly Effective AI Coding
Apr 16th 2025 6:00am, by Tariq Shaukat
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
What Devs Should Know When Starting an Apache Kafka Journey
Apr 15th 2025 6:00am, by Sandon Jacobs
Mastering the Cloud: Saumen Biswas on Cutting Costs Without Cutting Corners
Apr 14th 2025 12:00pm, by Colin Bonini
Google Kubernetes Engine Customized for Faster AI Work
Apr 9th 2025 9:00am, by Joab Jackson
Apache Ray Finds a Home on the Google Kubernetes Engine
Apr 9th 2025 6:00am, by Joab Jackson
VMware Alternatives: A Strategic Guide to Modern Virtualization
Apr 4th 2025 8:00am, by Adam Swidler
Google Extends Gmail Client-Side Encryption to All Users
Apr 1st 2025 9:00am, by Joab Jackson
Harness Kubernetes Costs With OpenCost
Apr 16th 2025 10:00am, by Ram Iyengar
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
The Interrupt Tax: Why Developer Productivity Is Measured in Silences
Apr 14th 2025 11:00am, by Nishant Modak
Advanced Docker Scout Use Cases: Security Insights, Recommendations, and Remediation 
Apr 13th 2025 10:00am, by Advait Patel
Formula 1: Engineering When Every Millisecond Counts
Apr 11th 2025 9:24am, by Jennifer Riggins
Harness Kubernetes Costs With OpenCost
Apr 16th 2025 10:00am, by Ram Iyengar
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
Build Scalable LLM Apps With Kubernetes: A Step-by-Step Guide
Apr 14th 2025 6:00am, by Oladimeji Sowole
Google Kubernetes Engine Customized for Faster AI Work
Apr 9th 2025 9:00am, by Joab Jackson
The Super Helm Chart: To Deploy or Not To Deploy?
Apr 8th 2025 6:00am, by Utku Darılmaz
DeepSource Releases Globstar Amid Semgrep Licensing Backlash
Apr 2nd 2025 5:00pm, by B. Cameron Gain
KubeCon Europe Day 1 Keynote: Can Observability Keep Up With LLMs?
Apr 2nd 2025 4:00pm, by B. Cameron Gain
Observability in K8s: Moving From Reactive to Predictive
Apr 2nd 2025 9:00am, by Lori Bertelli
ML and LLM Adoption Challenged Most Often by Observability
Mar 31st 2025 7:00am, by Lawrence E Hecht
What eBPF Means for Observability vs. Security
Mar 31st 2025 6:17am, by B. Cameron Gain
Sampling vs. Resampling With Python: Key Differences and Applications
Apr 16th 2025 4:00pm, by Jack Wallen
Why IT Belongs at the Edge
Apr 16th 2025 1:00pm, by Vicki Walker
The Kro Project: Giving Kubernetes Users What They Want
Apr 15th 2025 12:00pm, by Michelle Gienow
Python Software Foundation Honors Ewa Jodlowska's Service
Apr 13th 2025 7:00am, by David Cassel
Beyond ROWE: Why Results-Only Work Isn’t Always a Win
Apr 12th 2025 10:00am, by Steve Fenton
Optimizing the 90%: Where Dev Time Really Gets Stuck
Apr 17th 2025 7:00am, by Sooraj Shah
Optimizing CI/CD for Trust, Observability and Developer Well-Being
Apr 15th 2025 10:00am, by Saqib Jan
Mastering the Cloud: Saumen Biswas on Cutting Costs Without Cutting Corners
Apr 14th 2025 12:00pm, by Colin Bonini
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
Why Cloud Native Infrastructure Is Non-Negotiable for GenAI
Apr 7th 2025 3:00pm, by Debojyoti Dutta
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
Bjarne Stroustrup on How He Sees C++ Evolving
Mar 7th 2025 6:00am, by David Cassel
Curl's Daniel Stenberg on Securing 180,000 Lines of C Code
Feb 23rd 2025 6:00am, by David Cassel
Introduction to C++ Programming Language
Feb 11th 2025 6:00am, by TNS Staff
GitLab's Duo Assistant With Amazon Q Is Now Generally Available
Apr 17th 2025 6:00am, by Frederic Lardinois
Local or Cloud: Choosing the Right Dev Environment
Apr 9th 2025 4:00pm, by Anita Ihuman
From BASIC to Vibes: Microsoft's 50-Year Code Evolution
Apr 4th 2025 5:00pm, by Darryl K. Taft
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Red Hat Arms Developers With AI-Powered Migration Tools
Apr 1st 2025 1:00pm, by Steven J. Vaughan-Nichols
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Introduction to Go Programming Language
Jan 17th 2025 9:00am, by TNS Staff
JavaOne 2025: Talks, History, Community, and Scott McNealy
Apr 6th 2025 6:00am, by David Cassel
Java Modernizes: New Tools for AI and Quantum Age
Mar 26th 2025 7:00am, by Chris J. Preimesberger
Oracle Ships Java 24: 'AI Is So Yesterday' Says VP
Mar 19th 2025 10:00am, by Darryl K. Taft
Vulnerability-Free Java Containers: A Practical Guide
Mar 8th 2025 9:00am, by Eric Murphy
AI Tools Now Essential in Java Dev's Productivity Arsenal
Mar 6th 2025 3:00pm, by Darryl K. Taft
Frontend Gets Smarter: AI's JavaScript Revolution
Apr 15th 2025 11:00am, by Alexander T. Williams
New Laravel-Related Offerings Include Octane Alternative
Apr 12th 2025 5:00am, by Loraine Lawson
A Peek at What’s Next for Vue
Apr 5th 2025 6:00am, by Loraine Lawson
A Developer’s Guide to Server-Side JavaScript
Apr 3rd 2025 10:00am, by Martin Bach
Researchers Find Next.js Middleware Vulnerability
Mar 29th 2025 3:01am, by Loraine Lawson
Math-Phobic Coders, Rejoice: Python Does the Hard Work
Apr 16th 2025 5:00pm, by Jessica Wachtel
Build a Real-Time Bidding System With Next.js and Stream
Apr 16th 2025 2:00pm, by Jeroen Leenarts
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by Chris J. Preimesberger
A Developer’s Guide to Server-Side JavaScript
Apr 3rd 2025 10:00am, by Martin Bach
Level Up Your Python: Higher-Order Functions Explained
Apr 2nd 2025 12:00pm, by Jessica Wachtel
Math-Phobic Coders, Rejoice: Python Does the Hard Work
Apr 16th 2025 5:00pm, by Jessica Wachtel
JFrog Sounds Alarm on Crypto-Stealing Python Package
Apr 15th 2025 3:00pm, by Chris J. Preimesberger
Python Software Foundation Honors Ewa Jodlowska's Service
Apr 13th 2025 7:00am, by David Cassel
NVIDIA Finally Adds Native Python Support to CUDA
Apr 2nd 2025 2:00pm, by Agam Shah
Level Up Your Python: Higher-Order Functions Explained
Apr 2nd 2025 12:00pm, by Jessica Wachtel
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
API Management

Use API Governance Tools for Better API Experiences

Here's a look at the tools available for API governance, for both new or existing APIs, and how they can fit into your workflow.
Apr 11th, 2025 2:00pm by
Featued image for: Use API Governance Tools for Better API Experiences
Featured image by Christopher Burns from Unsplash.

API governance is a cornerstone of good API experiences for both producers and consumers. We talk a lot about how OpenAPI is about much more than the tools, but the tools can help a lot, too. Let’s take a look at the options available and how they fit your workflow.

Tools for API Governance

The main tool in the API governance toolbox is the linter, sometimes also called a validator. These tools check an OpenAPI description against a set of standards. Which standards? The ones you configure. Investing the time to configure the linter to support the agreed API standards is a key ingredient to implementing good API governance.

There are multiple decent tools available for linting, and most of them are open source, which means you can easily try them out and find one you like. Try these for starters:

Each of these tools will offer a default “recommended” ruleset. However, these tend to be rather stringent, and I wouldn’t actually recommend them as a starting point unless they align closely with the API standards you identified for yourselves. Especially when retrofitting API governance to an existing API project, slow and iterative is the real recommended approach.

Start Simple

Start by picking a tool: in these examples, I’m using Vacuum, but Spectral supports the same rule configuration if you prefer that. Turn off the default rules and enable what makes sense for your situation. A great place to start is to enable the oas3-schema rule and check that the OpenAPI description you have is valid. It’s surprising how many OpenAPI tools don’t quite output valid OpenAPI in every situation.

To turn off the default rules and check for a valid description, use a ruleset.yaml file like this:

Run this ruleset over your openapi.yaml file with Vacuum using the following command:


If you don’t have an OpenAPI file handy, you’re welcome to grab the Blog OpenAPI example I used and try that. (It includes some problems that will be exposed when we add a few more rules.)

If the OpenAPI description is invalid, the problems and where in the file they occur will be displayed in the output. The command also returns an error, so this tool is useful in a CI setup, where it will return a failure status and alert you of a problem.

Selectively Add Rules

One reason why the recommended rulesets are such a challenge for existing APIs is that they don’t have the context of what your application does and what’s important. It’s better to focus on the areas that matter to your organization instead of a generic set of priorities.

In this example, the focus is on developer experience, creating an API that our technical users will be happy to integrate with. To support this, the first rules to add are:

  • operation-operationId and operation-operationId-unique make sure that each operation has a unique identifier; these values are used as anchors in documentation and often as method names in generated SDKs.
  • operation-tag-defined and tag-description require every tag used in the API description to be declared in the top-level tags section and to have a description.
  • operation-description, schema-description, and component-description ensure that there are description fields throughout the API description. Adding meaningful information, written by humans, is low-hanging fruit when it comes to improving the developer experience of your API.
  • description-duplication provides a low-level information message if two description fields are identical, as this usually indicates a copy/paste error.

With the additional rules, here is the updated ruleset.yaml file:

You might notice that when we run the command this time, the output reports some problems:

Vacuum API governance tool output

Vacuum’s output reports errors.

The errors are caused by one of the endpoints missing both an operationId (technically not a required field in OpenAPI but definitely a good idea) and a description. Try fixing the error yourself and rerunning the command to see the updated output.

For your own API descriptions, pick the rules that fit the priorities you have. Dig into the Vacuum rulesets documentation and build out a starter set of rules to fit your own project.

Integrate Checks Into Your Workflow

Having API linting running at multiple points in the API development lifecycle is good practice because it keeps the feedback cycles short and helps developers innovate faster.

For design-first projects, having linting set up on local development platforms is a must-have. Some tools integrate into IDEs, or you can run the tools on the CLI on your development machine.

Whether designed or generated, OpenAPI changes should be reviewed in a pull request, and API governance checks including linting definitely belong there! Use the CLI command from above in your existing CI workflow setup, such as GitHub Actions or GitLab/Azure pipelines.

Vacuum can produce an interactive HTML report that is a very user-friendly way to review the output of the linting rules. Use it locally for a nicer way to see what’s happening, or build it in your CI process to give reviewers a pleasing interface to look at. Vacuum’s support for documentation for every rule (including any custom rules you create) is a great way to provide more context and advice to support each rule.

Vacuum's dashboard provides an interactive dashboard report.

Vacuum’s dashboard provides interactive reports.

You might also want to look at the dashboard command, which produces a terminal-based dashboard of linting output, or generate a report in JSON or Spectral format.

API Governance Is More Than Automation

API governance is more than automation, but automating the easy stuff really helps. Don’t feel daunted by the long lists of things that aren’t perfect or rules that aren’t enabled.

Adding linting to your day-to-day work brings quality and consistency to your API development, and even if there are things you can’t fix today, the checks can be added to avoid any regressions or mistakes in new API features as it grows.

So look at where you are with API governance, and where you’d like to go, and use linting to help you take a step or two along the way.

TRENDING STORIES
Created with Sketch.
Lorna Mitchell is based in Yorkshire, U.K.; she is a technology leader and developer experience expert who is passionate about APIs and developer tools. Lorna serves on the Technical Steering Committee for the OpenAPI specification, is on the board of...
Read more from Lorna Mitchell
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.