Component Require Security Schemes

component-require-security-schemes

Severity: info. Tags: experience:security, experience:governance, spec:components, owasp:api2

{{description}}: {{error}}

The API contract MUST include a ‘securitySchemes’ subsection under the ‘components’ section.

Rule definition

The full Spotlight rule — drop it into a ruleset (.spotlight.yaml / .spectral.yaml) and run it with any Spotlight tool.

component-require-security-schemes:
  title: Component Require Security Schemes
  reference: https://spotlight-rules.com/spec/rules/openapi/component-require-security-schemes/
  description: The API contract MUST include a 'securitySchemes' subsection under
    the 'components' section.
  message: "{{description}}: {{error}}"
  severity: info
  given: $.components
  then:
    field: securitySchemes
    function: truthy
  formats:
    - oas3
  tags:
    - owasp:api2
    - format:openapi
    - spec:components
    - experience:security
    - experience:governance
  prompt: "You are editing an OpenAPI document to satisfy the Spotlight API
    governance rule 'component-require-security-schemes' (Component Require
    Security Schemes). Requirement: The API contract MUST include a
    'securitySchemes' subsection under the 'components' section. To fix: Ensure
    `securitySchemes` is present and non-empty at each matching location. This
    rule is evaluated at the JSONPath `$.components` — inspect every location it
    matches and correct only what violates the rule. Make the smallest change
    that satisfies the rule, leave all unrelated content, key order, comments,
    and formatting unchanged, and keep the document valid OpenAPI. Return only
    the complete corrected document, with no commentary."
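
The rule only inspects `$.components`, so what it reports depends on whether that node exists and on how `truthy` treats the field. The block below is an added example, not part of the Spotlight ruleset or tooling, that models this logic in JavaScript next to a stricter check. It assumes Spectral-compatible semantics (a `given` path with no match produces no result, and `truthy` follows JavaScript truthiness); `ruleAsWritten`, `strictCheck` and the sample documents are hypothetical names and constructed inputs.

```javascript
// Added example. Assumption: Spectral-compatible semantics, i.e. a `given`
// path that matches nothing yields no result, and `truthy` is JS truthiness.

// The rule as written: given $.components, field securitySchemes, truthy.
function ruleAsWritten(doc) {
  if (doc.components === undefined) return 'not-evaluated'; // no match for $.components
  return doc.components?.securitySchemes ? 'pass' : 'fail';
}

// Hypothetical stricter check: `components` must exist and `securitySchemes`
// must hold at least one entry that is a scheme (`type`) or a reference (`$ref`).
function strictCheck(doc) {
  const schemes = doc.components?.securitySchemes;
  if (!schemes || typeof schemes !== 'object' || Array.isArray(schemes)) return 'fail';
  const entries = Object.values(schemes);
  if (entries.length === 0) return 'fail';
  const ok = entries.every(
    (s) => s !== null && typeof s === 'object' &&
      (typeof s.type === 'string' || typeof s.$ref === 'string'));
  return ok ? 'pass' : 'fail';
}

// Constructed sample documents (trimmed to the parts the rule looks at).
const base = { openapi: '3.0.3', info: { title: 'Sample', version: '1.0.0' }, paths: {} };
const samples = {
  noComponents: { ...base },
  noSchemes: { ...base, components: { schemas: {} } },
  emptySchemes: { ...base, components: { securitySchemes: {} } },
  bearer: {
    ...base,
    components: { securitySchemes: { bearerAuth: { type: 'http', scheme: 'bearer' } } },
  },
};

// Evaluate every sample with both checks.
function evaluateAll() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, doc]) =>
      [name, { rule: ruleAsWritten(doc), strict: strictCheck(doc) }]));
}

console.log(evaluateAll());
```

Under these assumptions, a document with no `components` section and a document with an empty `securitySchemes: {}` are both left unflagged by the rule as written, while the stricter check rejects them.
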
Artifact: OpenAPI
Applies at (given): $.components
Severity: info (educational by default; raise to warn/error to enforce)
Reference: https://spotlight-rules.com/spec/rules/openapi/component-require-security-schemes/