Autonomous testing tool - scans your project, understands architecture, plans and runs tests
Project description
Nazar
Autonomous security & quality scanner - scans the project, understands the architecture, generates and runs 158+ tests.
Features
- 158+ automated tests, 22 categories
- 63 security tests (OWASP Top 10, 50+ secret patterns, supply chain)
- SCA Scanner (npm audit, pip-audit, govulncheck, typosquatting detection)
- Python AST Analyzer (80% reduction in false positives)
- Taint Tracking (SQL injection, XSS, command injection data flow)
- YAML Rule Engine (Semgrep-like, write your own rules)
- App Store & Play Store compliance checks
- 87 step-by-step fix guides
- Support for 15+ technologies (React Native, Flutter, Django, FastAPI, Go, Rust...)
- Live TUI + interactive shell + HTML report
- GitHub Action + PR Comment + SARIF
- VS Code Extension
- Zero-config: type nazar and it handles the rest
Installation
With pipx (recommended)
pipx install nazar
With pip
pip install nazar
From source (developer)
git clone https://github.com/user/nazar.git
cd nazar
pip install -e ".[dev]"
After installation, just type nazar in the terminal.
Usage
# Interactive interface (the easiest way)
nazar
# Full scan with a single command
nazar auto /proje/yolu
# Scan the current directory
nazar auto .
# Scan only (no report)
nazar scan .
# Run a specific category
nazar run . --category security
nazar run . --category sca
nazar run . --category taint
nazar run . --category ast_analysis
nazar run . --category appstore
nazar run . --category playstore
nazar run . --category yaml_rules
# JSON output (for CI/CD)
nazar --json auto .
# GitHub PR integration
nazar auto . --github-pr --sarif nazar.sarif
# Minimal output
nazar --quiet auto .
# Create a configuration file
nazar init
Interactive Interface
Type nazar and enter the project path. Review the results:
nazar> /Users/kadir/Desktop/MyApp
nazar> /report failed
nazar> /detail 1
nazar> /guide 1
nazar> /export html
nazar> /categories
nazar> /stats
nazar> /clear
nazar> /help
Docker
docker build -t nazar .
docker run -v "$(pwd)":/project nazar
Test Categories (22)
| Category | Tests | Description |
|---|---|---|
| Security | 63 | 50+ secret patterns, OWASP Top 10, crypto, CORS, CSRF |
| SCA | 7 | npm/pip/go audit, typosquatting, license compliance |
| AST Analysis | 6 | Real code analysis with Python AST |
| Taint Tracking | 5 | SQL injection, XSS, command injection data flow |
| App Store | 32 | Privacy manifest, ATT, IAP, Sign in with Apple |
| Play Store | 10 | targetSdk, exported, ProGuard, permissions |
| Code Quality | 16 | Complexity, dead code, smells, debug statements |
| YAML Rules | 3 | Semgrep-like custom rule engine |
| UI Component | 10 | a11y, touch target, dark mode, loading state |
| UX Text | 8 | Spelling, consistency, i18n, alt text |
| Cross-File | 7 | Dead export, orphan component, circular import |
| API | 4 | Reachability, response, performance |
| Git | 4 | gitignore, large files, sensitive files |
| Type Safety | 3 | any usage, ts-ignore, as any |
| Error Handling | 3 | Empty catch, swallowed errors, async |
| Performance | 3 | Resource size, large files/images |
| Documentation | 3 | README, CHANGELOG |
| Naming | 3 | File names, single-letter variables |
| Dependencies | 3 | Vulnerability, deprecated |
| Accessibility | 2 | testID, label |
| Docker | 2 | Base image, secret |
Plugin Development
from nazar.plugins.base import BaseTestPlugin

class MyPlugin(BaseTestPlugin):
    name = "my-plugin"
    version = "1.0.0"
    description = "Custom test rules"

    def get_tests(self, scan_result):
        return [{"name": "My Test", "type": "custom", "priority": "medium"}]

    def run_test(self, test, project_path):
        return True, "Passed"
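A fuller plugin built on the interface shown above, as an added example that is not part of the nazar project: it fails when a `requirements*.txt` file lists a package without an exact `==` pin. The plugin name, the `unpinned_requirements` helper and the stand-in base class used when nazar is not installed are assumptions; how nazar discovers and loads plugins is not described on this page.

```python
import re
from pathlib import Path

try:
    from nazar.plugins.base import BaseTestPlugin  # import path shown on this page
except ImportError:
    class BaseTestPlugin:  # assumption: stand-in so the example runs without nazar
        pass

# Exact pin: name, optional extras, "==", and a version with no "*" wildcard.
PINNED = re.compile(r"^[A-Za-z0-9._-]+(\[[^\]]+\])?\s*==\s*[^\s;*]+(?=\s|;|$)")


def unpinned_requirements(text):
    """Return the requirement lines that are not pinned to an exact version."""
    findings = []
    # Join backslash continuations so "--hash=..." stays with its requirement.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        if line.startswith(("-r", "-c", "--")):  # includes and options, not packages
            continue
        if not PINNED.match(line):
            findings.append(line)
    return findings


class PinnedRequirementsPlugin(BaseTestPlugin):
    name = "pinned-requirements"
    version = "1.0.0"
    description = "Fails when requirements*.txt contains unpinned packages"

    def get_tests(self, scan_result):
        # scan_result is not inspected: its structure is not documented on this page.
        return [{"name": "Requirements pinned", "type": "custom", "priority": "medium"}]

    def run_test(self, test, project_path):
        bad = []
        for req in sorted(Path(project_path).glob("requirements*.txt")):
            for line in unpinned_requirements(req.read_text(encoding="utf-8")):
                bad.append(f"{req.name}: {line}")
        if bad:
            return False, "Unpinned: " + "; ".join(bad)
        return True, "Passed"
```

Editable installs (`-e .`) and VCS URLs are reported as unpinned, since neither resolves to a fixed release.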
Output Formats
nazar --json # JSON
nazar auto --report r.html # HTML (default)
Programmatic usage:
from nazar.reporters import JSONReporter, JUnitReporter, SARIFReporter, MarkdownReporter
Contributing
See CONTRIBUTING.md to contribute.
License
MIT
File details
Details for the file nazar-4.5.0.tar.gz.
File metadata
- Download URL: nazar-4.5.0.tar.gz
- Upload date:
- Size: 150.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 51f5e39ec82ff73355f5fa270c4b0d2a583224edba97a5cb72ac8b4d4c1279df |
| MD5 | a378c1fd7e30fccccb2cdf44214732b0 |
| BLAKE2b-256 | db10066e9b4376294c35faad036ee7a33613f81b5e8faf12a98aa0a9d7283152 |
File details
Details for the file nazar-4.5.0-py3-none-any.whl.
File metadata
- Download URL: nazar-4.5.0-py3-none-any.whl
- Upload date:
- Size: 167.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d7178b95818c1161f9283478a27d8f97633f9ff6ac260ed229676b50cedce394 |
| MD5 | ea2fd0fc1a39add1461302450f4c2d45 |
| BLAKE2b-256 | 41c7fc7f3707a366b24544b2d8fc7f8bc1fa1854c21d5dce59def4b697e00c06 |