{"id":14986665,"url":"https://github.com/pb33f/wiretap","last_synced_at":"2026-04-04T14:02:55.230Z","repository":{"id":159982854,"uuid":"634974410","full_name":"pb33f/wiretap","owner":"pb33f","description":"The world's coolest API Validation and compliance tool. Validate APIs against OpenAPI specifications and much more","archived":false,"fork":false,"pushed_at":"2026-03-15T03:06:06.000Z","size":16172,"stargazers_count":212,"open_issues_count":11,"forks_count":27,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-15T03:06:52.180Z","etag":null,"topics":["api","api-gateway","api-rest","api-server","api-testing","mock","mock-server","openapi","openapi-spec","openapi-specification","openapi-validate","openapi-validation","openapi-validator","openapi3","prism","rest-api","rest-validators","stoplight","testing-tools","validation"],"latest_commit_sha":null,"homepage":"https://pb33f.io/wiretap/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pb33f.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-05-01T17:19:15.000Z","updated_at":"2026-03-15T03:05:47.000Z","dependencies_parsed_at":"2023-12-08T10:34:52.064Z","dependency_job_id":"09c9c349-67be-4ba7-a724-b22c14cb5018","html_url":"https://github.com/pb33f/wiretap","commit_stats":{"total_commits":181,"total_committers":5,"mean_commits":36.2,"dds":0.04972375690607733,"last_synced_commit":"e59e9ce08a7bf5610670e9837161f38a8bc3fb98"},"previous_names":[],"tags_count":89,"template":false,"template_full_name":null,"purl":"pkg:github/pb33f/wiretap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pb33f%2Fwiretap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pb33f%2Fwiretap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pb33f%2Fwiretap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pb33f%2Fwiretap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pb33f","download_url":"https://codeload.github.com/pb33f/wiretap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pb33f%2Fwiretap/sbom","scorecard":{"id":515361,"data":{"date":"2025-08-11","repo":{"name":"github.com/pb33f/wiretap","commit":"18213691dfdd58aefe30f705a3412a909c9416a4"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.6,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":5,"reason":"6 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":7,"reason":"Found 7/9 approved changesets -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yaml:77","Warn: no topLevel permission defined: .github/workflows/build.yaml:1","Warn: no topLevel permission defined: .github/workflows/publish.yaml:1","Warn: no topLevel permission defined: .github/workflows/tag.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/build.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yaml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:89: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:97: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:103: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publish.yaml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/publish.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tag.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/tag.yaml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/pb33f/wiretap/tag.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:19","Warn: containerImage not pinned by hash: Dockerfile:36","Warn: npmCommand not pinned by hash: Dockerfile:12","Warn: downloadThenRun not pinned by hash: .github/workflows/build.yaml:29","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  13 third-party GitHubAction dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yaml:8"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.4.5 not signed: https://api.github.com/repos/pb33f/wiretap/releases/220456359","Warn: release artifact v0.4.4 not signed: https://api.github.com/repos/pb33f/wiretap/releases/207077328","Warn: release artifact v0.4.3 not signed: https://api.github.com/repos/pb33f/wiretap/releases/203455927","Warn: release artifact v0.4.2 not signed: https://api.github.com/repos/pb33f/wiretap/releases/202114130","Warn: release artifact v0.4.1 not signed: https://api.github.com/repos/pb33f/wiretap/releases/201351092","Warn: release artifact v0.4.5 does not have provenance: https://api.github.com/repos/pb33f/wiretap/releases/220456359","Warn: release artifact v0.4.4 does not have provenance: https://api.github.com/repos/pb33f/wiretap/releases/207077328","Warn: release artifact v0.4.3 does not have provenance: https://api.github.com/repos/pb33f/wiretap/releases/203455927","Warn: release artifact v0.4.2 does not have provenance: https://api.github.com/repos/pb33f/wiretap/releases/202114130","Warn: release artifact v0.4.1 does not have provenance: https://api.github.com/repos/pb33f/wiretap/releases/201351092"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"21 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c24v-8rfc-w8vw","Warn: Project is vulnerable to: GHSA-8jhw-289h-jh2g","Warn: Project is vulnerable to: GHSA-64vr-g452-qvp3","Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx","Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6","Warn: Project is vulnerable to: GHSA-x574-m823-4x7w","Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8","Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x","Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4","Warn: Project is vulnerable to: GHSA-859w-5945-r5v3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T01:40:39.287Z","repository_id":159982854,"created_at":"2025-08-20T01:40:39.288Z","updated_at":"2025-08-20T01:40:39.288Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31402277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-gateway","api-rest","api-server","api-testing","mock","mock-server","openapi","openapi-spec","openapi-specification","openapi-validate","openapi-validation","openapi-validator","openapi3","prism","rest-api","rest-validators","stoplight","testing-tools","validation"],"created_at":"2024-09-24T14:13:18.394Z","updated_at":"2026-04-04T14:02:55.180Z","avatar_url":"https://github.com/pb33f.png","language":"Go","readme":"# wiretap\n\n![logo](.github/wiretap-hero.png)\n\n[![discord](https://img.shields.io/discord/923258363540815912)](https://discord.gg/x7VACVuEGP)\n[![GitHub downloads](https://img.shields.io/github/downloads/pb33f/wiretap/total?label=github%20downloads\u0026style=flat-square)](https://github.com/pb33f/wiretap/releases)\n[![npm](https://img.shields.io/npm/dm/@pb33f/wiretap?style=flat-square\u0026label=npm%20downloads)](https://www.npmjs.com/package/@pb33f/wiretap)\n[![Docker Pulls](https://img.shields.io/docker/pulls/pb33f/wiretap?style=flat-square)](https://hub.docker.com/r/pb33f/wiretap)\n\nA local and pipeline based tool to sniff API request and responses from clients and servers\nto detect OpenAPI contract violations and compliance.\n\nA shift left tool, for those who want to know if their applications\nare actually compliant with an API.\n\n\u003e This is an early tool and in active development, Why not try it out and give us some feedback?\n\n![](https://github.com/pb33f/wiretap/blob/main/.github/assets/wiretap-preview.gif)\n\n---\n# Read the quickstart guide\n\n[🚀 Quick Start Guide 🚀](https://pb33f.io/wiretap/quickstart/)\n\n---\n# Install wiretap for your platform\n\n## Installing using homebrew\n\nThe easiest way to install `wiretap` is to use **[homebrew](https://brew.sh)** if you're on OSX or Linux.\n\nWe have our own tap available that gives the latest and greatest version.\n\n```shell\nbrew install pb33f/taps/wiretap\n```\n\n---\n\n## Installing using npm or yarn\n\nBuilding a JavaScript / TypeScript application? No problem, grab your copy of `wiretap` using your preference\nof **[yarn](https://yarnpkg.com/)** or **[npm](https://npmjs.com)**.\n\n```shell\nyarn add global @pb33f/wiretap\n```\n\nor...\n\n```shell\nnpm -i -g @pb33f/wiretap\n```\n\n---\n\n## Installing using cURL\n\nDo you want to use `wiretap` in a linux only or CI/CD pipeline or workflow? Or you don't want to/can't use\na package manager like brew?\n\nNo problem. Use **cURL** to download and run our installer script.\n\n```shell\ncurl -fsSL https://pb33f.io/wiretap/install.sh | sh\n```\n\n---\n\n## Installing/running using Docker\n\nLove containers? Don't want to install anything? No problem, use our Docker image.\n\n```shell\ndocker pull pb33f/wiretap\n```\n\n```\ndocker run -p 9090:9090 -p 9091:9091 -p 9092:9092 --rm -v  \\\n    $PWD:/work:rw pb33f/wiretap -u https://somehostoutthere.com\n```\n\nWe enable the following default ports `9090`, `9091`, and `9092` for the daemon, monitor, and websockets used\nby [ranch](https://github.com/pb33f/ranch) respectively.\n\n---\n\n## Installing on Windows\n\nTo grab your copy of `wiretap` for Windows, you can pull it from the\n**[latest releases on github](https://github.com/pb33f/wiretap/releases)**\nand download the Windows version for your CPU type.\n\n---\n\n# Running wiretap\n\nTo get up and running with the absolute defaults (which is to sniff all traffic on port 9090)\nand proxy to `https://api.pb33f.com` you can run the following command.\n\n```shell\nwiretap -u https://api.pb33f.com\n```\n\n## Adding an OpenAPI contract\n\n```shell\nwiretap -u https://api.pb33f.com -s my-openapi-spec.yaml\n```\n\n# Documentation\n\n- 🚀 [Quick Start](https://pb33f.io/wiretap/quickstart/) 🚀\n- [Installing](https://pb33f.io/wiretap/quickstart/)\n- [Configuring](https://pb33f.io/wiretap/configuring/)\n- [Monitor UI](https://pb33f.io/wiretap/monitor/)\n- [Serving static content](https://pb33f.io/wiretap/static-content/)\n- [GiftShop example API](https://pb33f.io/wiretap/giftshop-api/)\n- [Contributing](https://pb33f.io/wiretap/contributing/)\n\n","funding_links":[],"categories":["Go"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpb33f%2Fwiretap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpb33f%2Fwiretap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpb33f%2Fwiretap/lists"}