DORA Compliance Auditor for OpenAPI Specs
Project description
PanDoraSpec
The Open DORA Compliance Engine for OpenAPI Specs.
PanDoraSpec is a CLI tool that performs deep technical due diligence on APIs to verify compliance with DORA (Digital Operational Resilience Act) requirements. It compares OpenAPI/Swagger specifications against real-world implementation to detect schema drift, resilience gaps, and security issues.
📦 Installation
pip install pandoraspec
System Requirements
The PDF report generation requires weasyprint, which depends on Pango.
macOS:
brew install pango
Debian / Ubuntu:
sudo apt-get install libpango-1.0-0 libpangoft2-1.0-0
🛠️ Development Setup
To run the CLI locally without reinstalling after every change:
- Clone & CD:
git clone ...
cd pandoraspec
- Create & Activate Virtual Environment: It's recommended to use a virtual environment to keep dependencies isolated.
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
- Editable Install:
pip install -e .
This links the pandoraspec command directly to your source code. Any changes you make will be reflected immediately.
🚀 Usage
Run the audit directly from your terminal.
Basic Scan
pandoraspec https://petstore.swagger.io/v2/swagger.json
With Options
pandoraspec https://api.example.com/spec.json --vendor "Stripe" --key "sk_live_..."
Local File
pandoraspec ./openapi.yaml
🛡️ What It Checks
Module A: The Integrity Test (Drift)
Checks if your API implementation matches your documentation.
- Why? DORA requires you to monitor if the service effectively supports your critical functions. If the API behaves differently than documented, it's a risk.
Module B: The Resilience Test
Stress tests the API to ensure it handles invalid inputs gracefully (4xx vs 5xx).
- Why? DORA Article 25 calls for "Digital operational resilience testing".
Module C: Security Hygiene
Checks for common security headers and configurations.
Module D: The Report
Generates a PDF report: "DORA ICT Third-Party Technical Risk Assessment".
📄 License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pandoraspec-0.1.4.tar.gz.
File metadata
- Download URL: pandoraspec-0.1.4.tar.gz
- Upload date:
- Size: 11.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f77755ce9a03de6749de29b3f73eadd953d0e005b9a7cc2a106d35770a7ac786
|
|
| MD5 |
dbf5eb9cf27730dace8add85c05627e1
|
|
| BLAKE2b-256 |
7c0870e3daf4636919761d1d429e06fd42aa9c9b11061dadcf599bbcb25a2ca2
|
File details
Details for the file pandoraspec-0.1.4-py3-none-any.whl.
File metadata
- Download URL: pandoraspec-0.1.4-py3-none-any.whl
- Upload date:
- Size: 11.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
09bba459a0700439f6cca14e7bf7c9b66532f885cdeb1d86d506660e76be7b7a
|
|
| MD5 |
c9fdfa0bf5e10202eeeea5bf76650b10
|
|
| BLAKE2b-256 |
0d1b30d207161cd47dce17bd3e3a3b2fb3e28f4a7ae909685b7727fbe320c89c
|
