Stowage/dependency-track
2
0
Fork 0
mirror of https://github.com/DependencyTrack/dependency-track.git synced 2026-06-18 19:41:42 +00:00
Code Issues Projects Releases Packages Wiki Activity
dependency-track/api
History
Exact
dependabot[bot] d5ca82a924
chore(deps-dev): Bump org.openapitools:openapi-generator-maven-plugin 
Bumps org.openapitools:openapi-generator-maven-plugin from 7.22.0 to 7.23.0.

---
updated-dependencies:
- dependency-name: org.openapitools:openapi-generator-maven-plugin
  dependency-version: 7.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-17 08:08:25 +00:00
..
src/main Add problem type for invalid sort field errors 2026-06-06 15:52:11 +02:00
pom.xml chore(deps-dev): Bump org.openapitools:openapi-generator-maven-plugin 2026-06-17 08:08:25 +00:00
README.md Streamline OpenAPI spec directly layout 2026-04-27 16:21:59 +02:00

README.md

api

Source-of-truth for Dependency-Track's REST API v2, in OpenAPI v3.0 format. The spec is split across many small files and assembled at build time by openapi-generator, which produces JAX-RS interfaces and Java DTOs.

The API draws inspiration from Zalando's RESTful API Guidelines. Conformance to those guidelines and to project conventions is enforced with spectral in CI:

make lint-openapi

Layout

src/main/openapi/
  openapi.yaml                      # info, tags, security, top-level path bindings
  shared/                           # cross-resource components
    parameters/
    responses/
    schemas/
  resources/<resource>/             # one directory per API tag
    <noun>[-<qualifier>].yaml       # one file per URL (all methods for that path)
    schemas/                        # schemas owned by this resource

Resource directories map 1:1 to tags declared in openapi.yaml. A path file under resources/<r>/ is referenced from openapi.yaml via a single $ref.

Conventions

  • One file per URL. A path file holds all HTTP methods for one URL. OpenAPI 3.0 only allows $ref at the PathItem level, not under individual methods.
  • Filenames are kebab-case.
  • Schema basenames are globally unique across **/schemas/**. The generated Java class name is derived from the filename stem, so collisions would silently drop a class. Enforced by make lint-openapi.
  • Cross-resource $refs only into shared/. A path or schema under resources/<a>/ may not reference files under resources/<b>/. Promote to shared/ when reuse arises.
  • Tags. Every operation must declare exactly one tag, drawn from the canonical list in openapi.yaml. Enforced by spectral.

Adding an endpoint

  1. Decide which resource (tag) owns it. If new, add a tag entry to openapi.yaml and create resources/<resource>/.
  2. Create the path file at resources/<resource>/<noun>.yaml with all of its HTTP methods.
  3. Place new request/response schemas under resources/<resource>/schemas/. Promote shared shapes to shared/schemas/.
  4. Add the URL ↔ file mapping to openapi.yaml's paths: section.
  5. Run make lint-openapi and make build to verify.