Repository Analysis

keploy/keploy

Open-source platform for creating safe, isolated production sandboxes for API, integration, and E2E testing.

6.8 Low AI signal

Adjusted Score: 6.8
Raw Score: 6.8
Time Factor: 100%
Last Push: 2026-05-30
Stars: 17,576
Language: Go
Lines of Code: 150,249
Files: 578
Pattern Hits: 800
Scan Date: 2026-05-31

Severity Breakdown

CRITICAL 1 · HIGH 0 · MEDIUM 87 · LOW 712

Pattern Findings

800 matches across 11 categories.

Over-Commented Block: 652 hits · 629 pts
Severity | File | Line | Snippet
LOW | goreleaser.yaml | 101 | - amd64
LOW | main.go | 281 | }
LOW | main.go | 301 | // runs (sudo / docker / cloud-replay re-exec paths print only once). On
LOW | tools/lint/no_timestamp_in_parser/analyzer.go | 1 | // Package notimestampinparser implements a go/analysis analyzer that forbids
LOW | tools/lint/no_timestamp_in_parser/analyzer.go | 101 | })
LOW | tools/lint/no_timestamp_in_parser/analyzer_test.go | 1 | package notimestampinparser
LOW | …n_parser/testdata/src/suppressed/recorder/record_v2.go | 21 | func UptimeSinceBoot(boot time.Time) time.Duration {
LOW | config/config.go | 81 | TLSPrivateKeyPath string `json:"tlsPrivateKeyPath" yaml:"tlsPrivateKeyPath" mapstructure:"tlsPrivateKeyPath"`
LOW | config/config.go | 101 | // wired so the keylog file populates), opens a fresh tls.Client
LOW | config/config.go | 121 | // incomplete" warnings with reason "per_conn_cap" or "channel_full"
LOW | config/default.go | 81 | #
LOW | tests/e2e/agent-ready-gated-on-ca/run.sh | 1 | #!/usr/bin/env bash
LOW | tests/e2e/agent-ready-gated-on-ca/docker-compose.yml | 1 | # End-to-end harness for tests/e2e/agent-ready-gated-on-ca.
LOW | tests/e2e/agent-ready-gated-on-ca/docker-compose.yml | 21 | # cold GitHub Actions runner this totals ~2–3s; 15s leaves ~12s of
LOW | tests/e2e/agent-ready-gated-on-ca/harness/main.go | 1 | // Command e2e-agent-ready-harness is a minimal wrapper around the
LOW | tests/e2e/chaos-broken-parser/chaos_test.go | 21 | // TestChaosBrokenParser invokes the harness as a subprocess with a
LOW | tests/e2e/chaos-broken-parser/e2e_tag_enabled_test.go | 1 | //go:build e2e
LOW | tests/e2e/chaos-broken-parser/docker-compose.yml | 1 | # End-to-end chaos harness for tests/e2e/chaos-broken-parser.
LOW | tests/e2e/chaos-broken-parser/docker-compose.yml | 21 | # the panic-recovery invariants this test guards. The in-process
LOW | tests/e2e/chaos-broken-parser/harness/broken_parser.go | 1 | //go:build chaos_broken_parser
LOW | tests/e2e/chaos-broken-parser/harness/broken_parser.go | 21 | // STATUS ON THIS BRANCH (feat/proxy-v2-foundation):
LOW | tests/e2e/chaos-broken-parser/harness/broken_parser.go | 41 | // integrations.POSTGRES_V2 so p.integrationsPriority lists it
LOW | tests/e2e/chaos-broken-parser/harness/broken_parser.go | 61 | "log"
LOW | …/e2e/chaos-broken-parser/harness/broken_parser_stub.go | 1 | //go:build !chaos_broken_parser
LOW | tests/e2e/chaos-broken-parser/harness/main.go | 1 | // Command chaos-broken-parser-harness drives the e2e chaos test that
LOW | tests/e2e/chaos-broken-parser/harness/main.go | 221 | // 1. Build + start a keploy proxy in-process with the chaos
LOW | tests/e2e/ca-bundle-merge/run.sh | 1 | #!/usr/bin/env bash
LOW | tests/e2e/ca-bundle-merge/run.sh | 61 | # it and returns empty, which would mask a clean exit as a timeout);
LOW | tests/e2e/ca-bundle-merge/run.sh | 121 | if [ "${SKIP_EGRESS_PROBE:-0}" = "1" ]; then
LOW | tests/e2e/ca-bundle-merge/docker-compose.yml | 1 | # docker-compose.yml — end-to-end reproduction of the CA-bundle-merge fix.
LOW | tests/e2e/ca-bundle-merge/setup/main.go | 1 | // Package main is a small harness that exercises pkg/agent/proxy/tls's
LOW | tests/e2e/ca-bundle-merge/setup/main.go | 41 | // for test isolation we symlink /tmp/keploy-tls -> EXPORT_PATH before
LOW | utils/utils.go | 261 | return bindErr
LOW | utils/utils.go | 281 | // logger = zapsentry.AttachCoreToLogger(core, logger)
LOW | utils/utils.go | 701 | })
LOW | utils/utils.go | 1501 |
LOW | utils/log/logger.go | 21 |
LOW | utils/log/logger.go | 241 | return logger, logFile, nil
LOW | utils/log/logger.go | 341 | wrapWriter(zapcore.AddSync(os.Stdout)),
LOW | utils/log/logger.go | 401 |
LOW | utils/log/logger.go | 461 | // The new sink is composed alongside the input logger's existing core
LOW | utils/log/logger.go | 521 | s.capped.swap(zapcore.AddSync(newFile))
LOW | cli/provider/cmd.go | 301 | // truststore install. When the auto-detector in
LOW | cli/provider/cmd.go | 521 | // viper.ReadInConfig() in PreProcessFlags to pick up the same
LOW | .github/workflows/release.yml | 21 | # unblock CGO_ENABLED=1 release builds. pg_query_go v6.2.2 (Session P)
LOW | .github/workflows/release.yml | 41 | # and creates the GitHub release via `gh release create`)
LOW | .github/workflows/release.yml | 421 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
LOW | .github/workflows/sample_tls_pcap.yml | 1 | name: TLS pcap + keylog (sample-tls-app)
LOW | .github/workflows/codeql.yml | 1 | # For most projects, this workflow file will not need changing; you simply need
LOW | .github/workflows/codeql.yml | 41 | uses: actions/checkout@v4
LOW | .github/workflows/codeql.yml | 81 |
LOW | .github/workflows/prepare_and_run.yml | 1 | name: Prepare Binary and Run Workflows
LOW | .github/workflows/prepare_and_run.yml | 21 | cancel-in-progress: true
LOW | .github/workflows/prepare_and_run.yml | 181 | # blocks subsequent step scripts from running. This step makes
LOW | .github/workflows/prepare_and_run.yml | 241 | # PowerShell 7 - job 71974521109 failed at the first pwsh
LOW | .github/workflows/prepare_and_run.yml | 421 | # state actions/checkout@v4 with clean:true fails at "git config
LOW | .github/workflows/prepare_and_run.yml | 581 | # actions/download-artifact + docker load. Replaces the previous
LOW | .github/workflows/prepare_and_run.yml | 721 | # outbound-HTTPS workload through the keploy proxy and verifies the
LOW | .github/workflows/e2e-ca-bundle-merge.yml | 1 | # e2e-ca-bundle-merge.yml — runs tests/e2e/ca-bundle-merge/run.sh on push and
LOW | .github/workflows/outbound-fin-stall-linux.yml | 1 | name: Outbound FIN Stall Regression (Linux)
592 more matches not shown…

Decorative Section Separators: 47 hits · 158 pts
Severity | File | Line | Snippet
MEDIUM | .github/workflows/release.yml | 55 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 66 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 169 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 175 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 278 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 285 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 374 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/release.yml | 384 | # ---------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 39 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 41 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 578 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 584 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 664 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 666 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 727 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 730 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 875 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 878 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 1124 | # -------------------------------------------------------------------
MEDIUM | .github/workflows/prepare_and_run.yml | 1127 | # -------------------------------------------------------------------
MEDIUM | …rkflows/test_workflow_scripts/check-deprecated-deps.sh | 3 | # -------------------------------
MEDIUM | …rkflows/test_workflow_scripts/check-deprecated-deps.sh | 6 | # -------------------------------
MEDIUM | …test_workflow_scripts/golang/echo_sql/golang-docker.sh | 166 | # ── --keep-app-alive regression coverage (docker-compose cmdType) ───────────
MEDIUM | …est_workflow_scripts/golang/gin_mongo/golang-docker.sh | 183 | # ── --keep-app-alive regression coverage (docker-run cmdType) ───────────────
MEDIUM | …test_workflow_scripts/golang/gin_mongo/golang-linux.sh | 360 | # ── --keep-app-alive regression coverage ────────────────────────────────────
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 22 | # ---------------------------------------------------------------------------
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 26 | # ---------------------------------------------------------------------------
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 46 | # ---------------------------------------------------------------------------
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 48 | # ---------------------------------------------------------------------------
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 57 | # ---------------------------------------------------------------------------
MEDIUM | …rkflow_scripts/golang/gin_mongo/golang-docker-macos.sh | 59 | # ---------------------------------------------------------------------------
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 40 | // ── AWS SigV4 & SDK ──────────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 55 | // ── GCP ──────────────────────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 59 | // ── Azure ────────────────────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 65 | // ── W3C Trace Context / OpenTelemetry ────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 69 | // ── Zipkin B3 propagation ────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 76 | // ── Datadog ──────────────────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 82 | // ── Generic request/correlation IDs ──────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 87 | // ── Webhook signatures (request-side, inbound webhooks) ──────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 99 | // ── Idempotency / CSRF ───────────────────────────────────────────
MEDIUM | pkg/agent/proxy/integrations/http/match.go | 105 | // ── GCP trace (legacy) ───────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 57 | // ── YAML Serialization ─────────────────────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 166 | // ── Stream body kind detection ─────────────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 255 | // ── YAML body decode/encode ────────────────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 383 | // ── Flat body reconstruction ──────────────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 444 | // ── Body → Chunk parsers ───────────────────────────────────────────────────────
MEDIUM | pkg/models/http_stream_body.go | 563 | // ── Helpers ───────────────────────────────────────────────────────────────────

AI Slop Vocabulary: 22 hits · 74 pts
Severity | File | Line | Snippet
MEDIUM | tests/e2e/agent-ready-gated-on-ca/run.sh | 9 | # 2. After the harness flips the CAReady signal, subsequent POST
MEDIUM | tests/e2e/agent-ready-gated-on-ca/docker-compose.yml | 1 | # End-to-end harness for tests/e2e/agent-ready-gated-on-ca.
MEDIUM | tests/e2e/agent-ready-gated-on-ca/docker-compose.yml | 3 | # "agent" runs the e2e-harness built from local source. It mirrors the
MEDIUM | tests/e2e/agent-ready-gated-on-ca/docker-compose.yml | 27 | # TCP-connect healthcheck (busybox's `nc -z`) — once the harness binds
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 1 | # End-to-end chaos harness for tests/e2e/chaos-broken-parser.
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 8 | # This compose file ships only the dependencies the harness needs to
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 11 | # available for the harness to exec queries through. The harness itself
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 19 | # process by the harness. Running keploy in a sibling container would
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 23 | # tests/e2e/agent-ready-gated-on-ca/harness where the HTTP handler is
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 38 | # alongside a local Postgres doesn't collide on 5432. The harness
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 55 | # Optional sidecar the harness can `docker compose exec` into to run
MEDIUM | tests/e2e/chaos-broken-parser/docker-compose.yml | 57 | # Kept alive via `sleep infinity`; the harness exec's per-query.
MEDIUM | tests/e2e/ca-bundle-merge/docker-compose.yml | 5 | # 1. `ca-writer`: runs the Go harness that exercises setupSharedVolume in a
MEDIUM | tests/e2e/ca-bundle-merge/docker-compose.yml | 24 | # Build context is repo root so the harness can import the tls package.
MEDIUM | utils/signal_windows.go | 44 | // to handle complex shell-like logic in 'userCmd'. 'cmd /C' is the most robust default.
MEDIUM | utils/utils.go | 1431 | // It is robust against strings that contain non-template curly braces by using a strict regex.
MEDIUM | .github/workflows/e2e-ca-bundle-merge.yml | 5 | # the Go harness which calls SetupCA(..., isDocker=true) so
MEDIUM | …test_workflow_scripts/golang/gin_mongo/golang-linux.sh | 375 | # nothing more. Scoping to a single test-set keeps the assertion robust
MEDIUM | pkg/util_test.go | 1739 | // Mock logic or ensure specific error condition if possible, though ReplaceGrpcHost is robust
MEDIUM | pkg/agent/proxy/util/recover_test.go | 101 | // insensitively is robust across rewording.
MEDIUM | pkg/agent/proxy/tls/ca.go | 766 | // byte equality is robust to Subject-name renaming between
MEDIUM | pkg/service/tools/templatize.go | 1092 | // (Allow letters, digits, '_' as a simple/robust check.)

Redundant / Tautological Comments: 34 hits · 59 pts
Severity | File | Line | Snippet
LOW | keploy.sh | 199 | # Check if NO_ROOT is set to true
LOW | keploy.sh | 214 | # Check if the OS is macOS (Darwin) to set the correct source path
LOW | .github/workflows/golang_wsl.yml | 80 | # Check if debugfs is already mounted
LOW | …workflows/test_workflow_scripts/python-docker-macos.sh | 51 | # Set trap to run cleanup on script exit (success, failure, or interrupt)
LOW | …ithub/workflows/test_workflow_scripts/python-docker.sh | 123 | # Check if any test set did not pass
LOW | …t_workflow_scripts/python/flask-secret/python-linux.sh | 23 | # Set trap to cleanup on script exit
LOW | …t_workflow_scripts/python/flask-secret/python-linux.sh | 203 | # Check if keploy.yml was created in the original location (should NOT happen)
LOW | …t_workflow_scripts/python/flask-secret/python-linux.sh | 212 | # Check if keploy.yml still exists in the moved location
LOW | …t_workflow_scripts/python/flask-secret/python-linux.sh | 220 | # Check if the test with config path was successful
LOW | …orkflow_scripts/python/django_postgres/python-linux.sh | 186 | # Check if any test set did not pass
LOW | …t_workflow_scripts/python/schema_match/python-linux.sh | 25 | # Set trap to cleanup on script exit
LOW | …test_workflow_scripts/golang/echo_sql/golang-docker.sh | 131 | # Check if any test set did not pass
LOW | …orkflow_scripts/golang/echo_sql/golang-docker-macos.sh | 57 | # Set trap to run cleanup on script exit (success, failure, or interrupt)
LOW | …orkflow_scripts/golang/echo_sql/golang-docker-macos.sh | 207 | # Check if any test set did not pass
LOW | …est_workflow_scripts/golang/gin_mongo/golang-docker.sh | 148 | # Check if any test set did not pass
LOW | …test_workflow_scripts/golang/gin_mongo/golang-linux.sh | 44 | # Check if there is a keploy-config file, if there is, delete it.
LOW | …_workflow_scripts/golang/sse_preflight/golang-linux.sh | 13 | # Check if there is a keploy-config file, if there is, delete it.
LOW | …t_workflow_scripts/golang/http_pokeapi/golang-linux.sh | 13 | # Check if there is a keploy-config file, if there is, delete it.
LOW | …_workflow_scripts/node/express_mongoose/node-docker.sh | 133 | # Check if any test set did not pass
LOW | …flows/test_workflow_scripts/node/http_br/node-linux.sh | 10 | # Check if there is a keploy-config file, if there is, delete it.
LOW | …flows/test_workflow_scripts/node/http_br/node-linux.sh | 165 | # Check if any test set did not pass
LOW | …flows/test_workflow_scripts/node/http_br/node-linux.sh | 183 | # Check if any test set did not pass
LOW | …w_scripts/performance/run-perf-test-with-validation.sh | 78 | # Check if value contains 'ms', 'µs', 'us', 's', etc.
LOW | …w_scripts/performance/run-perf-test-with-validation.sh | 147 | # Check if it's within tolerance (1% below threshold)
LOW | …w_scripts/performance/run-perf-test-with-validation.sh | 178 | # Check if k6 is available
LOW | …w_scripts/performance/run-perf-test-with-validation.sh | 216 | # Check if Keploy is still alive before starting the test
LOW | .github/actions/tester/install.sh | 45 | # Set GOCOVERDIR to the coverage directory
LOW | .github/actions/tester/install.sh | 68 | # Check if the number of directories is zero
LOW | pkg/core/proxy/tls/asset/setup_ca.sh | 28 | # Check if directory exists
LOW | pkg/core/proxy/tls/asset/setup_ca.sh | 33 | # Check if command exists
LOW | pkg/core/proxy/tls/asset/setup_ca.sh | 38 | # Check if Java is installed
LOW | pkg/agent/proxy/tls/asset/setup_ca.sh | 28 | # Check if directory exists
LOW | pkg/agent/proxy/tls/asset/setup_ca.sh | 33 | # Check if command exists
LOW | pkg/agent/proxy/tls/asset/setup_ca.sh | 38 | # Check if Java is installed

Self-Referential Comments: 18 hits · 56 pts
Severity | File | Line | Snippet
MEDIUM | keploy.sh | 206 | # Create the target directory in the user's home directory
MEDIUM | .github/workflows/golang_docker_windows.yml | 32 | # Create a minimal per-job gitconfig BEFORE checkout to prevent
MEDIUM | .github/workflows/prepare_and_run.yml | 893 | # Create a minimal per-job gitconfig BEFORE checkout to prevent
MEDIUM | …ithub/workflows/test_workflow_scripts/python-docker.sh | 114 | # Define the report file for each test set
MEDIUM | …t_workflow_scripts/python/flask-secret/python-linux.sh | 186 | # Create a test config directory
MEDIUM | …orkflow_scripts/python/django_postgres/python-linux.sh | 177 | # Define the report file for each test set
MEDIUM | …test_workflow_scripts/golang/echo_sql/golang-docker.sh | 122 | # Define the report file for each test set
MEDIUM | …orkflow_scripts/golang/echo_sql/golang-docker-macos.sh | 198 | # Define the report file for each test set
MEDIUM | …est_workflow_scripts/golang/gin_mongo/golang-docker.sh | 139 | # Define the report file for each test set
MEDIUM | …t_workflow_scripts/golang/risk_profile/golang-linux.sh | 136 | # Define the expected risk for each API endpoint path
MEDIUM | …t_workflow_scripts/golang/risk_profile/golang-linux.sh | 155 | # Define the expected categories for each API endpoint path (comma-separated)
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 276 | # Create a pet type
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 290 | # Create an owner
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 308 | # Create a pet for an owner
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 326 | # Create a visit for a pet
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 342 | # Create a specialty
MEDIUM | …t_workflow_scripts/java/spring_petclinic/java-linux.sh | 356 | # Create a vet
MEDIUM | …_workflow_scripts/node/express_mongoose/node-docker.sh | 124 | # Define the report file for each test set

Verbosity Indicators: 16 hits · 26 pts
Severity | File | Line | Snippet
LOW | .github/actions/setup-private-parsers/action.yaml | 160 | # Step 1: PR body override.
LOW | .github/actions/setup-private-parsers/action.yaml | 175 | # Step 2: head-branch auto-pair.
LOW | .github/actions/setup-private-parsers/action.yaml | 180 | # Step 3: authoritative fall-through. Propagates errors.
LOW | pkg/util.go | 3716 | // Step 1: Check replaceWith URL
LOW | pkg/util.go | 3752 | // Step 2: ConfigHost override (only if no URL replacement match)
LOW | pkg/util.go | 3824 | // Step 5: Port mappings (highest priority, always checked)
LOW | pkg/agent/proxy/incoming/http_test.go | 375 | // Step 1: pre-fill bufio's internal buffer in a way that emulates
LOW | pkg/agent/proxy/incoming/http_test.go | 400 | // Step 2: simulate the next iteration starting AFTER the prior
LOW | pkg/agent/proxy/incoming/http_test.go | 407 | // Step 3: ReadRequest serves entirely from the prefetched buffer
LOW | pkg/agent/proxy/incoming/http_test.go | 417 | // Step 4: lastReadNano is unchanged from priorRead because no
LOW | pkg/models/postgres_v3_response_validate_test.go | 38 | // Step 1: malformed shape must serialize cleanly today — that is
LOW | pkg/models/postgres_v3_response_validate_test.go | 47 | // Step 2: malformed shape must deserialize cleanly as well. The
LOW | pkg/models/postgres_v3_response_validate_test.go | 62 | // Step 3: Validate() must reject the combination. This is the
LOW | pkg/service/tools/templatize.go | 328 | // Step 1: collect candidates.
LOW | pkg/service/tools/templatize.go | 419 | // Step 2: group by baseKey
LOW | pkg/service/tools/templatize.go | 436 | // Step 3: sort candidates in this group by producer test index (ascending)

Hallucination Indicators: 1 hit · 10 pts
Severity | File | Line | Snippet
CRITICAL | pkg/models/postgres_v3_response_validate_test.go | 273 | if err := m.Spec.PostgresV3.Query.Response.Validate(); err != nil {

Fake / Example Data: 5 hits · 5 pts
Severity | File | Line | Snippet
LOW | …workflows/test_workflow_scripts/python-docker-macos.sh | 111 | -d '{"student_id":"12345","name":"John Doe","age":20}' http://localhost:$APP_PORT/students >/dev/null
LOW | …ithub/workflows/test_workflow_scripts/python-docker.sh | 41 | curl -X POST -H "Content-Type: application/json" -d '{"student_id": "12345", "name": "John Doe", "age": 20}' http://
LOW | …orkflow_scripts/python/django_postgres/python-linux.sh | 99 | "name": "John Doe",
LOW | …t_workflow_scripts/node/express_mongoose/node-linux.sh | 65 | --data '{"name":"John Doe","email":"john@xyiz.com","phone":"0123456799"}' || true
LOW | …_workflow_scripts/node/express_mongoose/node-docker.sh | 43 | "name":"John Doe",

Excessive Try-Catch Wrapping: 3 hits · 3 pts
Severity | File | Line | Snippet
LOW | …ow_scripts/python/http-stale-pool-race/burst_client.py | 70 | except Exception as exc:
LOW | …ow_scripts/python/http-stale-pool-race/burst_client.py | 80 | except Exception:
LOW | …test_workflow_scripts/python/outbound-fin-stall/app.py | 50 | except Exception as e:

Unused Imports: 1 hit · 1 pts
Severity | File | Line | Snippet
LOW | …w_scripts/python/outbound-fin-stall/silent_upstream.py | 28 |

Deep Nesting: 1 hit · 1 pts
Severity | File | Line | Snippet
LOW | …w_scripts/python/outbound-fin-stall/silent_upstream.py | 34 |