Info OWASP API9 Document Version

info-owasp-api9-document-version

info, experience:security, experience:governance, spec:info, owasp:api9

API should declare info.version for inventory management.

The API should declare a version in info.version so every published version is inventoried and retired versions can be tracked (OWASP API9 — improper inventory management).

Rule definition

The full Spotlight rule — drop it into a ruleset (.spotlight.yaml / .spectral.yaml) and run it with any Spotlight tool.

info-owasp-api9-document-version:
  title: Info OWASP API9 Document Version
  reference: https://spotlight-rules.com/spec/rules/openapi/info-owasp-api9-document-version/
  description: The API should declare a version in info.version so every published
    version is inventoried and retired versions can be tracked (OWASP API9 —
    improper inventory management).
  message: API should declare info.version for inventory management.
  given: $.info
  severity: info
  then:
    field: version
    function: truthy
  tags:
    - format:openapi
    - spec:info
    - experience:security
    - experience:governance
    - owasp:api9
  prompt: "You are editing an OpenAPI document to satisfy the Spotlight API
    governance rule 'info-owasp-api9-document-version' (Info OWASP API9 Document
    Version). Requirement: The API should declare a version in info.version so
    every published version is inventoried and retired versions can be tracked
    (OWASP API9 — improper inventory management). To fix: Ensure `version` is
    present and non-empty at each matching location. This rule is evaluated at
    the JSONPath `$.info` — inspect every location it matches and correct only
    what violates the rule. Make the smallest change that satisfies the rule,
    leave all unrelated content, key order, comments, and formatting unchanged,
    and keep the document valid OpenAPI. Return only the complete corrected
    document, with no commentary."
Artifact: OpenAPI
Applies at (given): $.info
Severity: info — educational by default; raise to warn/error to enforce
Reference: https://spotlight-rules.com/spec/rules/openapi/info-owasp-api9-document-version/
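
An added example (not part of the Spotlight ruleset or tooling) that models the rule definition above over constructed OpenAPI documents and sorts them into inventoried, violating and not-evaluated. The file names, sample specs and function names are hypothetical, and it assumes a rule only runs on nodes its `given` path matches, so a document with no `info` object produces no finding.

```javascript
// Added example, not Spotlight code. Models the rule above:
//   given: $.info   then: { field: version, function: truthy }
const RULE_ID = "info-owasp-api9-document-version";
const MESSAGE = "API should declare info.version for inventory management.";

// Constructed sample documents (parsed OpenAPI), keyed by a made-up file name.
const SAMPLE_SPECS = {
  "orders-v1.json": { openapi: "3.0.3", info: { title: "Orders", version: "1.4.2" }, paths: {} },
  "orders-v2.json": { openapi: "3.0.3", info: { title: "Orders", version: "2.1.0" }, paths: {} },
  "orders-legacy.json": { openapi: "3.0.3", info: { title: "Orders" }, paths: {} },
  "billing.json": { openapi: "3.0.3", info: { title: "Billing", version: "" }, paths: {} },
  "internal-tools.json": { openapi: "3.0.3", paths: {} }, // no info object at all
};

// Evaluate one document. Assumption: the rule runs only on nodes that
// `given` matches, so a document without `info` yields no finding.
function checkDocumentVersion(doc) {
  if (!doc || doc.info === undefined) return { status: "not-evaluated" };
  const version = doc.info === null ? undefined : doc.info.version;
  // truthy: "", 0, false, null and undefined all fail the check.
  if (!version) {
    return { status: "violation", rule: RULE_ID, path: "$.info.version", message: MESSAGE };
  }
  return { status: "pass", version: String(version) };
}

// Build the inventory view: versions that can be tracked, specs that violate
// the rule, and specs the rule never looked at (these need a separate check).
function auditInventory(specs) {
  const report = { inventoried: {}, violations: [], notEvaluated: [] };
  for (const [file, doc] of Object.entries(specs)) {
    const result = checkDocumentVersion(doc);
    if (result.status === "pass") {
      const title = doc.info.title || file;
      report.inventoried[title] = report.inventoried[title] || [];
      report.inventoried[title].push(result.version);
    } else if (result.status === "violation") {
      report.violations.push(file);
    } else {
      report.notEvaluated.push(file);
    }
  }
  return report;
}

console.log(JSON.stringify(auditInventory(SAMPLE_SPECS), null, 2));
```

The `notEvaluated` bucket is the one to watch: under the stated assumption those documents raise no finding from this rule, so they need a separate check that `info` exists.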