Scanning your catalogs and spaces
How to use the governance service to run validation scans on your catalogs and spaces. You can run scans on both the APIs and the products within your catalogs and spaces.
Before you begin
- Organization Administrator
- Owner
- Custom role with the
Settings: Manage
permission.
About this task
The governance service in IBM® API Connect can be used to validate and enforce organizational governance policies and best practices to your API development process. The governance service contains the following types of rulesets:
- API
-
- Provider organization rulesets - these are custom rulesets that contain the rules that are created in, and are specific to, your provider organization for validating APIs.
- Global rulesets - these are pre-configured IBM and Spectral rulesets that contain the rules that are shared with your provider organization for validating APIs, and cannot be edited. Note that the Spectral ruleset names are prefixed by spectral-, and that their version matches the version of that ruleset that's available in Spectral.
- Product
-
- Provider organization rulesets - these are custom rulesets that contain the rules that are created in, and are specific to, your provider organization for validating products.
- Global rulesets - these are pre-configured custom rulesets that contain the rules that are shared with your provider organization for validating products, and cannot be edited.
You can create your own provider organization rulesets to validate your Swagger, OpenAPI, and AsyncAPI documents against, as well as product documents, or use any global rulesets that are provided by default. For more information about configuring rulesets, see Configuring governance in the API Manager.
Governance in API Connect is based on the open-source Spectral linter; for more information about Spectral, see https://docs.stoplight.io/docs/spectral/674b27b261c3c-overview.
Validation scanning can be run on one or more API or product documents, or on a single catalog or space. The following instructions describe how to run validation scans on a catalog or space by using the API Manager UI, or the toolkit CLI. For information about how to run validation scans on one or more API or product documents, see Validating an API or product document by using governance.
- You can select only one catalog or space to run each validation scan on. However, you can run multiple scans at the same time.
- You can also run a validation scan from within a catalog or space. Open the catalog or space that you want to scan, and then select the Governance tab. Ensure Scans is selected, click API or Product depending on what you want to scan, and then click New scan, and follow the scan wizard.
- Validation scanning by catalog or space is not available in the API Designer UI.
- Running a validation scan using the API Manager UI.
- Running a validation scan using the toolkit CLI.
Procedure
Results
What to do next
- Click Export to export all of the scan data as a .csv file.
- Click Re-run scan to generate a new scan report based on the same configuration data. Each run of the same scan generates a new report.
- The date and time of each scan report is displayed at the beginning of the dashboard, and if you have run more than one scan, you can select which scan report you want to view from the Scanned date list.
- From the options menu , you can select Rename or Delete.
- You can view each of the scorecard charts in tabular form, and download that data as .csv files.
- You can use the filter options on the table of messages to display the data that you require, and you can also change the sort order of the columns.