{"id":13765130,"url":"https://github.com/Endava/cats","last_synced_at":"2025-05-10T20:31:44.935Z","repository":{"id":38341144,"uuid":"252459854","full_name":"Endava/cats","owner":"Endava","description":"CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically  generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.","archived":false,"fork":false,"pushed_at":"2025-04-08T05:47:21.000Z","size":24626,"stargazers_count":1253,"open_issues_count":4,"forks_count":81,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-04-13T13:20:04.051Z","etag":null,"topics":["api","fuzzer","java","openapi","rest-api","rest-fuzzer","swagger","testing"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Endava.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-04-02T13:14:39.000Z","updated_at":"2025-04-12T12:45:09.000Z","dependencies_parsed_at":"2023-09-27T18:05:14.758Z","dependency_job_id":"6c1bfd9b-4f0b-4a8f-a249-d5c2bb2d9e1d","html_url":"https://github.com/Endava/cats","commit_stats":{"total_commits":1767,"total_committers":12,"mean_commits":147.25,"dds":"0.019241652518392716","last_synced_commit":"a61b590e3e1fd5ebf565fb9738336c26b570ab73"},"previous_names":[],"tags_count":89,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endava%2Fcats","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endava%2Fcats/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endava%2Fcats/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Endava%2Fcats/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Endava","download_url":"https://codeload.github.com/Endava/cats/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253480539,"owners_count":21915249,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","fuzzer","java","openapi","rest-api","rest-fuzzer","swagger","testing"],"created_at":"2024-08-03T16:00:34.342Z","updated_at":"2025-05-10T20:31:39.907Z","avatar_url":"https://github.com/Endava.png","language":"Java","readme":"\u003cp align=\"center\"\u003e\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/Endava/cats/master/images/cats_logo_dark.svg\" /\u003e\n  \u003cimg alt=\"CATS logo\" src=\"https://raw.githubusercontent.com/Endava/cats/master/images/cats_logo_light.svg\" width=\"400\"\u003e\n\u003c/picture\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\n![CI](https://img.shields.io/github/actions/workflow/status/Endava/cats/main.yml?style=for-the-badge\u0026logo=git\u0026logoColor=white)\n[![Commits](https://img.shields.io/github/commit-activity/m/Endava/cats?style=for-the-badge\u0026logo=git\u0026logoColor=white)](https://github.com/Endava/cats/pulse)\n\n\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=cats\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=cats)\n[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=cats\u0026metric=sqale_index)](https://sonarcloud.io/dashboard?id=cats)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=cats\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=cats)\n[![Bugs](https://sonarcloud.io/api/project_badges/measure?project=cats\u0026metric=bugs)](https://sonarcloud.io/dashboard?id=cats)\n[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=cats\u0026metric=code_smells)](https://sonarcloud.io/dashboard?id=cats)\n\n\u003c/p\u003e\n\n\u003e CATS documentation is available at [https://endava.github.io/cats/](https://endava.github.io/cats/)\n\n**REST API fuzzer and negative testing tool. Run thousands of self-healing API tests within minutes with no coding effort!**\n\n- **Comprehensive**: tests are generated automatically based on a large number scenarios and cover **every** field and header\n- **Intelligent**: tests are generated based on data types and constraints; each Fuzzer has specific expectations depending on the scenario under test\n- **Highly Configurable**: high amount of customization: you can filter specific Fuzzers, HTTP response codes, HTTP methods, request paths, provide business context and a lot more\n- **Self-Healing**: as tests are generated, any OpenAPI spec change is picked up automatically\n- **Simple to Learn**: flat learning curve, with intuitive configuration and syntax\n- **Fast**: automatic process for write, run and report tests which covers thousands of scenarios within minutes\n\n\u003cp align=\"center\"\u003e\u003c/p\u003e\n\n\u003e Short on time? Check out the [1-minute Quick Start Guide](https://endava.github.io/cats/docs/intro)!\n\n# Overview\nBy using a simple and minimal syntax, with a flat learning curve, CATS (**C**ontract **A**PI **T**esting and **S**ecurity) enables you to generate thousands of API tests within minutes with **no coding effort**.\nAll tests are **generated, run and reported automatically** based on a pre-defined set of **100+ Fuzzers**. \nThe Fuzzers cover a wide range of boundary testing and negative scenarios from fully random large Unicode values to well crafted, context dependant values based on the request data types and constraints. \nEven more, you can leverage the fact that CATS generates request payloads dynamically and write simple end-to-end functional tests.\n\n## HTML Report\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg alt=\"CATS\" width=\"100%\" src=\"images/tests_result.png\"/\u003e\n\u003c/div\u003e\n\n## Command Line\n\n\u003cdiv align=\"center\"\u003e\n  \u003cimg alt=\"CATS\" width=\"100%\" src=\"images/run_result.png\"/\u003e\n\u003c/div\u003e\n\n# Tutorials on how to use CATS\n\nThis is a list of articles with step-by-step guides on how to use CATS:\n* [Testing the GitHub API with CATS](https://ludovicianul.github.io/posts/github-api-testing/)\n* [How to write self-healing functional tests with no coding effort](https://ludovicianul.github.io/posts/self-healing-api-tests/)\n\n# Some bugs found by CATS\n\n- https://github.com/hashicorp/vault/issues/13274 | https://github.com/hashicorp/vault/issues/13273\n- https://github.com/hashicorp/vault/issues/13225 | https://github.com/hashicorp/vault/issues/13232\n- https://github.com/go-gitea/gitea/issues/19397  | https://github.com/go-gitea/gitea/issues/19398\n- https://github.com/go-gitea/gitea/issues/19399\n\n# Installation\n\n## Homebrew\n\n```shell\n\u003e brew tap endava/tap\n\u003e brew install cats\n```\n\n## Manual\nCATS is bundled both as an executable JAR or a native binary. The native binaries do not need Java installed. \n\nAfter downloading your OS native binary, you can add it to PATH so that you can execute it as any other command line tool:\n\n```shell\nsudo cp cats /usr/local/bin/cats\n```\n\nYou can also get autocomplete by downloading the [cats_autocomplete](cats_autocomplete) script and do:\n\n```shell\nsource cats_autocomplete\n```\n\nTo get persistent autocomplete, add the above line in `.zshrc` or `.bashrc`, but make sure you put the fully qualified path for the `cats_autocomplete` script.\n\nYou can also check the `cats_autocomplete` source for alternative setup.\n\nThere is no native binary for Windows, but you can use the uberjar version. This requires Java 21+ to be installed.\n\nYou can run it as `java -jar cats.jar`.\n\nHead to the releases page to download the latest version: [https://github.com/Endava/cats/releases](https://github.com/Endava/cats/releases).\n\n## Build from sources\n\nYou can build CATS from sources on you local box. You need [Java 21+](https://sdkman.io/jdks). Maven is already bundled.\n\n\u003e Before running the first build, please make sure you do a `./mvnw clean`. CATS uses a fork of [OKHttp](https://square.github.io/okhttp/) which will install locally\nunder the `4.11.0-CATS` version, so don't worry about overriding the official versions.\n\n\nYou can use the following Maven command to build the project as an uberjar:\n\n`./mvnw package -Dquarkus.package.type=uber-jar`\n\n\nYou will end up with a `cats-runner.jar` in the `target` folder. You can run it wih `java -jar cats-runner.jar ...`.\n\nYou can also build native images using a [GraalVM Java version](https://www.graalvm.org/).\n\n`./mvnw package -Pnative`\n\n### Notes on Unit Tests\n\nYou may see some `error` log messages while running the Unit Tests. Those are expected behaviour for testing the negative scenarios of the Fuzzers.\n\n## Experimental: Maven dependency for programmatic use\nCATS doesn't have explicit support (yet) for programmatic use via JUnit or TestNG. \nYou can however experiment with running the `CatsMain` class with the same arguments as you would run in the command line.\n\nYou must add these 2 dependencies:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.squareup.okhttp3\u003c/groupId\u003e\n    \u003cartifactId\u003eokhttp\u003c/artifactId\u003e\n    \u003cversion\u003e4.11.0\u003c/version\u003e\n\u003c/dependency\u003e\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.endava\u003c/groupId\u003e\n    \u003cartifactId\u003ecats\u003c/artifactId\u003e\n    \u003cversion\u003e9.0.3\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n\u003e Please not that you also need to explicitly add the `okhttp` dependency. \n\u003e CATS uses a fork of okhttp that is not published in Maven central.\n\u003e When using CATS as a dependency, HTTP header fuzzers that prefix/suffix header values with spaces won't properly work.\n\n# Contributing\nPlease refer to [CONTRIBUTING.md](CONTRIBUTING.md). \n","funding_links":[],"categories":["Tools","其他_安全与渗透","测试","Java"],"sub_categories":["网络服务_其他"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEndava%2Fcats","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEndava%2Fcats","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEndava%2Fcats/lists"}