feat(rulesets): update docs

docs/reference/asyncapi-rules.md

@@ -261,6 +261,38 @@ This operation ID is essentially a reference for the operation. Tools may use it
 
 **Recommended:** Yes
 
+### asyncapi-operation-security
+
+Operation `security` values must match a scheme defined in the `components.securitySchemes` object. It also checks if there are `oauth2` scopes that have been defined for the given security.
+
+**Recommended:** Yes
+
+**Good Example**
+
+```yaml
+channels:
+  'user/signup':
+    publish:
+      security:
+        - petstore_auth: []
+components:
+  securitySchemes:
+    petstore_auth: ...
+```
+
+**Bad Example**
+
+```yaml
+channels:
+  'user/signup':
+    publish:
+      security:
+        - not_defined: []
+components:
+  securitySchemes:
+    petstore_auth: ...
+```
+
 ### asyncapi-parameter-description
 
 Parameter objects should have a `description`.
@@ -417,6 +449,32 @@ Server `security` values must match a scheme defined in the `components.security
 
 **Recommended:** Yes
 
+**Good Example**
+
+```yaml
+servers:
+  production:
+    url: test.mosquitto.org
+    security:
+      - petstore_auth: []
+components:
+  securitySchemes:
+    petstore_auth: ...
+```
+
+**Bad Example**
+
+```yaml
+servers:
+  production:
+    url: test.mosquitto.org
+    security:
+      - not_defined: []
+components:
+  securitySchemes:
+    petstore_auth: ...
+```
+
 ### asyncapi-server-variables
 
 All server URL variables should be defined in the `variables` object of the server. They should also not contain redundant variables that do not exist in the server address.