Data

Tools

Indexes

Applications

Experiments

Open Source Science

schemathesis

Catch API bugs before your users do

https://github.com/schemathesis/schemathesis

Science Score: 54.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
    1 of 67 committers (1.5%) from academic institutions
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.9%) to scientific vocabulary

Keywords

api api-testing cli fuzzing graphql hypothesis openapi property-based-testing pytest swagger testing

Keywords from Contributors

gravitational-lensing yapf pre-commit-hook gofmt formatter codeformatter autopep8 python39 python313 python312
Last synced: 4 months ago · JSON representation ·

Repository

Catch API bugs before your users do

Basic Info
Statistics
  • Stars: 2,695
  • Watchers: 19
  • Forks: 182
  • Open Issues: 48
  • Releases: 0
Topics
api api-testing cli fuzzing graphql hypothesis openapi property-based-testing pytest swagger testing
Created over 6 years ago · Last pushed 4 months ago
Metadata Files
Readme Changelog Contributing Funding License Code of conduct Citation Security

README.md

Build Coverage Version Python versions Discord License

Schemathesis

Catch API bugs before your users do.

Schemathesis automatically generates thousands of test cases from your OpenAPI or GraphQL schema and finds edge cases that break your API.

Schemathesis automatically finding a server error
Finding bugs that manual testing missed

Try it now

```console

Test a demo API - finds real bugs instantly

uvx schemathesis run https://example.schemathesis.io/openapi.json

Test your own API

uvx schemathesis run https://your-api.com/openapi.json ```

What problems does it solve?

  • 💥 500 errors that crash your API on edge case inputs
  • 📋 Schema violations where your API returns different data than documented
  • 🚪 Validation bypasses where invalid data gets accepted
  • 🔗 Integration failures when responses don't match client expectations

⚠️ Upgrading from older versions? Check our Migration Guide for key changes.

Installation & Usage

Command Line: console uv pip install schemathesis schemathesis run https://your-api.com/openapi.json

Python Tests: ```python import schemathesis

schema = schemathesis.openapi.from_url("https://your-api.com/openapi.json")

@schema.parametrize() def testapi(case): case.calland_validate() # Finds bugs automatically ```

CI/CD: yaml - uses: schemathesis/action@v2 with: schema: "https://your-api.com/openapi.json"

Who uses it

Used by teams at Spotify, WordPress, JetBrains, Red Hat and dozens other companies.

"Schemathesis is the best tool for fuzz testing of REST API on the market. We are at Red Hat use it for examining our applications in functional and integrations testing levels." - Dmitry Misharov, RedHat

Documentation

📚 Complete documentation with guides, examples, and API reference.

Get Help

Contributing

We welcome contributions! See our contributing guidelines and join discussions in issues or Discord.

Acknowledgements

Schemathesis is built on top of Hypothesis, a powerful property-based testing library for Python.

License

This project is licensed under the terms of the MIT license.

Owner

  • Name: Schemathesis.io
  • Login: schemathesis
  • Kind: organization
  • Email: support@schemathesis.io
  • Location: Czech Republic

Run thousands of test scenarios based on your API specification and always be sure your API works as expected.

Citation (CITATION.cff) 

cff-version: 1.2.0
message: "If you use this software, please cite it as below."
authors:
  - family-names: "Hatfield-Dodds"
    given-names: "Zac"
    orcid: "https://orcid.org/0000-0002-8646-8362"
  - family-names: "Dygalo"
    given-names: "Dmitry"
title: "Schemathesis"
version: 3.8.15
date-released: 2023-02-18
url: "https://github.com/schemathesis/schemathesis"
preferred-citation:
  type: article
  authors:
    - family-names: "Hatfield-Dodds"
      given-names: "Zac"
      orcid: "https://orcid.org/0000-0002-8646-8362"
    - family-names: "Dygalo"
      given-names: "Dmitry"
  title: "Deriving Semantics-Aware Fuzzers from Web API Schemas"
  doi: "10.48550/arXiv.2112.10328"
  date-released: 2021-12-20
  url: "https://arxiv.org/abs/2112.10328"

Committers

Last synced: 6 months ago

All Time
  • Total Commits: 3,058
  • Total Committers: 67
  • Avg Commits per committer: 45.642
  • Development Distribution Score (DDS): 0.19
Past Year
  • Commits: 719
  • Committers: 10
  • Avg Commits per committer: 71.9
  • Development Distribution Score (DDS): 0.15
Top Committers
Name Email Commits
Dmitry Dygalo d****y@d****v 2,478
Dmitry Dygalo d****o@k****m 126
dependabot[bot] 4****] 119
Stanislav Tkachenko s****o@k****m 87
CI on behalf of the Schemathesis team t****m@s****o 72
Dmitry Dygalo d****y@s****o 50
Alex Viscreanu a****u@g****m 10
Pavel Dedik p****k@k****m 8
dongfangtianyu 7****u 8
Alexander Hultnér a****r@g****m 7
Barrett Schonefeld b****d@i****m 6
ildar nizamov i****v@p****m 5
Phil Krylov p****v@g****m 5
Hebert Júlio h****o@y****r 4
Maryna Nalbandian m****d@r****m 3
Viacheslav Butorov b****v@g****m 3
Stevie s****t@b****m 3
Stanislav Tkachenko c****l@g****m 3
zhukovgreen i****m@z****o 3
Matthew Davis g****b@m****z 2
Kian-Meng Ang k****g@c****g 2
Joshua Tucker j****h@t****s 2
James Cooke j****e 2
Nikita Sobolev m****l@s****e 2
Huw Jones h****w@p****m 2
Frederik Aalund f****a@s****m 2
Angelina Nikiforova a****r@r****m 2
Kostas Petrakis k****s@s****m 2
Andrew Sansom q****n@g****m 2
Agata Kargol a****a@p****m 1
and 37 more...
Committer Domains (Top 20 + Academic)
kiwi.com: 3 redhat.com: 3 schemathesis.io: 2 ibm.com: 2 nrrd.de: 1 planet.com: 1 sendcloud.com: 1 sbtinstruments.com: 1 pexip.com: 1 sobolevn.me: 1 tucker.wales: 1 cpan.org: 1 mdavis.xyz: 1 zhukovgreen.pro: 1 backmarket.com: 1 yahoo.com.br: 1 ptsecurity.com: 1 bronze-deer.de: 1 murphymark.me: 1 ahduni.edu.in: 1

Issues and Pull Requests

Last synced: 4 months ago

All Time
  • Total issues: 357
  • Total pull requests: 1,356
  • Average time to close issues: 12 months
  • Average time to close pull requests: 2 days
  • Total issue authors: 144
  • Total pull request authors: 28
  • Average comments per issue: 2.21
  • Average comments per pull request: 1.57
  • Merged pull requests: 1,252
  • Bot issues: 1
  • Bot pull requests: 282
Past Year
  • Issues: 80
  • Pull requests: 671
  • Average time to close issues: 25 days
  • Average time to close pull requests: about 20 hours
  • Issue authors: 48
  • Pull request authors: 14
  • Average comments per issue: 2.34
  • Average comments per pull request: 1.54
  • Merged pull requests: 604
  • Bot issues: 0
  • Bot pull requests: 147
View more stats
Top Authors
Issue Authors
  • Stranger6667 (129)
  • devkral (12)
  • hoog1511 (11)
  • ravy (10)
  • silverbucket (7)
  • pregress (6)
  • niya3 (5)
  • allanlewis (4)
  • Panaetius (4)
  • hdr1210 (3)
  • jiejunsailor (3)
  • AryanGodara (3)
  • acdha (3)
  • flashcode (3)
  • BronzeDeer (2)
Pull Request Authors
  • Stranger6667 (1,319)
  • dependabot[bot] (217)
  • github-actions[bot] (142)
  • Enimalojd (6)
  • qthequartermasterman (4)
  • butorov (3)
  • kayoub5 (3)
  • Imbalanceone (2)
  • dzherb (2)
  • tmiddlehurst (2)
  • BronzeDeer (2)
  • flashcode (2)
  • sobolevn (2)
  • devkral (2)
  • kbaikov (2)
Top Labels
Issue Labels
Type: Bug (152) Type: Feature (113) Status: Needs Triage (97) Priority: Medium (90) Difficulty: Intermediate (57) Priority: High (40) Status: Needs Design (37) UX: Reporting (36) Specification: OpenAPI (31) Core: Data Generation (26) UX: Usability (26) Priority: Low (24) Difficulty: Hard (20) Component: CLI (18) Status: Review Needed (18) Difficulty: Beginner (11) Type: Documentation (11) Hacktoberfest (9) Component: Hooks (9) Type: Enhancement (8) Core: Checks (8) Core: Transport (8) Specification: GraphQL (7) Status: Needs more info (7) Core: Stateful testing (7) Difficulty: Easy (5) Python: Pytest (5) Type: Compatibility (5) Difficulty: Medium (4) Priority: Critical (4)
Pull Request Labels
dependencies (217) github_actions (180) python (25) Type: Compatibility (1)

Packages

  • Total packages: 3
  • Total downloads:
    • pypi 645,556 last-month
  • Total docker downloads: 66,783
  • Total dependent packages: 1
    (may contain duplicates)
  • Total dependent repositories: 122
    (may contain duplicates)
  • Total versions: 735
  • Total maintainers: 1
pypi.org: schemathesis

Property-based testing framework for Open API and GraphQL based apps

  • Versions: 364
  • Dependent Packages: 1
  • Dependent Repositories: 122
  • Downloads: 645,556 Last month
  • Docker Downloads: 66,783
Rankings
Downloads: 1.0%
Docker downloads count: 1.1%
Dependent repos count: 1.4%
Stargazers count: 1.6%
Average: 3.2%
Forks count: 4.1%
Dependent packages count: 10.1%
Maintainers (1)
Stranger6667
Funding
  • https://github.com/sponsors/Stranger6667
Last synced: 4 months ago
proxy.golang.org: github.com/schemathesis/schemathesis
  • Versions: 363
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent packages count: 6.5%
Average: 6.7%
Dependent repos count: 6.9%
Last synced: 4 months ago
conda-forge.org: schemathesis
  • Versions: 8
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Stargazers count: 9.3%
Forks count: 15.3%
Average: 27.5%
Dependent repos count: 34.0%
Dependent packages count: 51.2%
Last synced: 4 months ago

Dependencies

.github/workflows/build.yml actions
  • actions/checkout v3.0.0 composite
  • actions/setup-python v3.1.0 composite
  • ammaraskar/sphinx-action master composite
  • codecov/codecov-action v3.0.0 composite
.github/workflows/codeql-analysis.yml actions
  • actions/checkout v3.0.0 composite
  • github/codeql-action/analyze v2.1.8 composite
  • github/codeql-action/autobuild v2.1.8 composite
  • github/codeql-action/init v2.1.8 composite
.github/workflows/commit.yml actions
  • actions/checkout v3.0.0 composite
  • aevea/commitsar v0.18.0 composite
.github/workflows/example-build.yml actions
  • actions/checkout v3.0.0 composite
  • actions/setup-python v4 composite
  • schemathesis/action v1 composite
  • postgres * docker
.github/workflows/example-no-build.yml actions
  • schemathesis/action v1 composite
.github/workflows/master_update.yml actions
  • actions/checkout v3.0.0 composite
  • aevea/action-kaniko v0.6.2 composite
.github/workflows/release.yml actions
  • actions/checkout v3.0.0 composite
  • actions/setup-python v3.1.0 composite
  • aevea/action-kaniko v0.6.2 composite
  • pypa/gh-action-pypi-publish release/v1 composite
.github/workflows/scheduled.yml actions
  • actions/checkout v3.0.0 composite
  • actions/setup-python v3.1.0 composite
Dockerfile docker
  • python 3.10-alpine build
example/Dockerfile docker
  • python 3.10.5-slim build
example/docker-compose.yml docker
  • postgres 14
docs/requirements.txt pypi
  • sphinx ==5.3.0
  • sphinx-click ==4.3.0
  • sphinx_rtd_theme ==1.1.1
example/requirements.in pypi
  • asyncpg *
  • connexion *
  • pytest *
  • schemathesis *
example/requirements.txt pypi
  • aiohttp ==3.8.5
  • aiohttp-jinja2 ==1.5
  • aiosignal ==1.2.0
  • anyio ==3.6.1
  • async-timeout ==4.0.2
  • asyncpg ==0.26.0
  • attrs ==21.4.0
  • certifi ==2023.7.22
  • charset-normalizer ==2.0.12
  • click ==8.1.3
  • clickclick ==20.10.2
  • colorama ==0.4.5
  • connexion ==2.14.0
  • curlify ==2.2.1
  • flask ==2.1.3
  • frozenlist ==1.3.0
  • graphql-core ==3.2.1
  • hypothesis ==6.53.0
  • hypothesis-graphql ==0.9.0
  • hypothesis-jsonschema ==0.22.0
  • idna ==3.3
  • inflection ==0.5.1
  • iniconfig ==1.1.1
  • itsdangerous ==2.1.2
  • jinja2 ==3.1.2
  • jsonschema ==4.7.2
  • junit-xml ==1.9
  • markupsafe ==2.1.1
  • multidict ==6.0.2
  • packaging ==21.3
  • pluggy ==1.0.0
  • py ==1.11.0
  • pyparsing ==3.0.9
  • pyrsistent ==0.18.1
  • pytest ==7.1.2
  • pytest-subtests ==0.7.0
  • pyyaml ==6.0
  • requests ==2.27.1
  • schemathesis ==3.16.0
  • six ==1.16.0
  • sniffio ==1.2.0
  • sortedcontainers ==2.4.0
  • starlette ==0.27.0
  • swagger-ui-bundle ==0.0.9
  • tomli ==2.0.1
  • tomli-w ==1.0.0
  • typing-extensions ==4.3.0
  • urllib3 ==1.26.11
  • werkzeug ==2.1.2
  • yarl ==1.7.2
pyproject.toml pypi
  • PyYAML >=5.1,<7.0
  • backoff >=2.1.2,<3.0
  • click >=7.0,<9.0
  • colorama >=0.4,<1.0
  • curlify >=2.2.1,<3.0
  • httpx >=0.22.0,<1.0
  • hypothesis >=6.31.6,<7
  • hypothesis_graphql >=0.9.0,<1
  • hypothesis_jsonschema >=0.22.1,<1
  • importlib_metadata >=1.1,!=3.8,<5; python_version<'3.8'
  • jsonschema >=4.3.2,<5.0
  • junit-xml >=1.9,<2.0
  • pyrate-limiter >=2.10,<3.0
  • pytest >=4.6.4,<8
  • pytest-subtests >=0.2.1,<0.8.0
  • requests >=2.22,<3
  • starlette >=0.13,<1
  • starlette-testclient ==0.2.0
  • tomli >=2.0.1,<3.0
  • tomli-w >=1.0.0,<2.0
  • typing-extensions >=3.7,<5
  • werkzeug >=0.16.0,<=3
  • yarl >=1.5,<2.0