I have interviewed CTOs & EMs of > 50 new-age companies about their testing cultures And learned something completely opposite to what I believed while working at Morgan Stanley.

We have a anonymiser which identifies common sensitive /Personally identifiable data like credit card, zip code and replaces them with anonymised data.

We also provide configuration option to specify additional fields are needed to be anonymised

Do you tokenize that data so that it stays consistent through all the flows? Fits the same parameters etc?

Are you somehow automatically hooking into those function calls, recording their return values, and then mocking the functions in the replays? - this is correct.

As of now, no automated mutation although we do give option to modify the request by developers

In my experience, fuzzy testing is more helpful from Dast / security testing perspective and we were thinking of adding these later.

Go replay has been one of the inspiration Leonid, so glad you checked out CodeParrot :)

Typical Otel implementation don’t capture some request data esp parameters and replay part is missing among few other issues, so we need to extend it.

Thank you! Will keep you posted on open source version.

We have come across Hypertest, seems pretty cool and useful.

Yes, we rely a lot on openTelemetry for this. They have really good support for most libraries in Java, node and are progressing quickly in others. We are also contributing to it by extending support for other languages, which we'll be open sourcing soon.

If you are contributing, isn’t it open-source by default? Or you mean you have ‘proprietary-ish’ (since it’s all client side, kind of impossible) packages that aren’t part of opentelemetry yet?

Yes, I meant packages not part of opentelemetry - example python has lot of DB packages which don’t have support yet.

Does opentelemetry also support mocking outgoing requests values on replay? Or is something else used for that part?

No, it doesn’t have by default but can be extended to support it.

I can relate to this perspective, however, some complexities we have come across in building this so far:

- Support for high number of languages, downstream dependencies - Intelligent sampling to choose requests with high coverage and auto update them over time - Performance, safety and data compliance guarantees

Yes, and Ken from speedscale is a very helpful person too.

Nice! Happy to share our experience if it helps :)