Skip to content

SYSTEM Cited by 1 source

Zally (Zalando API linter)

Definition

Zally (github.com/zalando/zally) is Zalando's open-source linter for OpenAPI / Swagger API specifications, enforcing the Zalando RESTful API Guidelines. It evaluates specs against a rule set and classifies violations by severity: MUST, SHOULD, MAY, HINT. At Zalando many teams configure CI so MUST validations must pass on every build — Zally is the enforcement point of the API-first discipline (Source: sources/2021-06-30-zalando-how-we-use-kotlin-for-backend-services).

Role in the Zalando stack

  • Centrally-operated API portal lists all Zalando APIs in one place with their Zally linting results attached. The portal is the catalog + quality-gate dashboard combined.
  • MUST-severity rules are CI-blocking by team policy — teams configure Zally's api-console or CLI in their build pipeline, and a MUST violation fails the build. This is what makes API-first operational rather than aspirational.
  • Shipped as both a REST service and a CLI — teams can point the hosted Zally instance at their spec URL, or run the CLI locally / in CI.

What makes it distinctive

  • Codifies a published guideline document — the rules derive one-to-one from the RESTful API Guidelines document, which itself is an open-source living spec. The linter is the executable embodiment of the written guideline; changing a rule means updating both.
  • Severity tiers map to enforcement policy — MUST = CI-gate, SHOULD = review comment, MAY = informational, HINT = style. The same lint tool serves both hard gating and soft guidance depending on how teams wire severity thresholds into CI.
  • OpenAPI-first, not code-first — Zally validates the spec, not the implementation. A team defines the OpenAPI document first, Zally lints it, generated stubs/clients land in the codebase — reinforcing API-first.

Seen in

  • sources/2021-06-30-zalando-how-we-use-kotlin-for-backend-services — Zally named as the Zalando default for Kotlin (and generally JVM) backend services: "API linting can also be required to pass for MUST validations on every build." Part of the platform-default stack the Kotlin Guild published when Kotlin moved TRIAL → ADOPT on the Tech Radar.

Comparable systems

  • Spectral (Stoplight) — the more widely-adopted open-source OpenAPI linter outside Zalando; similar rule-as-code architecture.
  • Optic — contract-testing-oriented, richer than pure linting.
  • OpenAPI spec validators (Swagger Validator, openapi-spec-validator) — schema-level validators; Zally goes beyond schema correctness to style and API guideline conformance.
Last updated · 476 distilled / 1,218 read