Scan repositories for potential usernames, passwords, tokens, and other secrets.

Project description

checsum

checsum scans your project for potential secrets before code is pushed to Git. It detects common patterns such as usernames, passwords, API tokens, private keys, and authorization headers, then generates a full HTML report with:

  • file name
  • exact location (line and column)
  • finding type
  • matched value (or preview)

Install

pip install checsum

Usage

Scan the current directory and create an HTML report:

checsum --path . --output checsum-report.html

Fail CI if possible secrets are found:

checsum --path . --fail-on-findings

Ignore additional globs:

checsum --path . --ignore "*.pem" --ignore "docs/*"

Example Output

The report includes:

  • scan timestamp
  • root path scanned
  • total files and findings
  • grouped breakdown by finding type
  • detailed table of each hit with path, line, column, severity, and extracted snippet

Use as a pre-push safety check

Create .git/hooks/pre-push:

#!/usr/bin/env bash
set -euo pipefail
# Scan the working tree; a non-zero exit from checsum aborts the push.
checsum --path . --output checsum-report.html --fail-on-findings

Then make it executable:

chmod +x .git/hooks/pre-push

Notes

checsum is a heuristic scanner. It can produce false positives and should be used as an early warning signal, not a replacement for secret management best practices.
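
To show how pattern-based scanning of this kind produces findings with a line, column, and masked preview, and why a placeholder value triggers a false positive, here is an added example. It is not checsum's code: the rules, function names, glob semantics, and sample input are all constructed for illustration.

```python
import fnmatch
import re

# Constructed rules for illustration only; checsum's real patterns are not shown on the page.
RULES = [
    ("private_key", "high",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("authorization_header", "high",
     re.compile(r"(?i)authorization[\"']?\s*[:=]\s*[\"']?(?:bearer|basic)\s+([A-Za-z0-9._~+/=-]{8,})")),
    ("password_assignment", "medium",
     re.compile(r"(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*[\"']([^\"']{4,})[\"']")),
]

def is_ignored(path, globs):
    """Glob-based skip list, in the spirit of repeated --ignore options (semantics assumed)."""
    return any(fnmatch.fnmatch(path, g) for g in globs)

def preview(value, keep=4):
    """Mask all but the first characters so the report itself does not leak the secret."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan_text(path, text, ignore=()):
    """Return one finding per regex hit, with 1-based line and column."""
    if is_ignored(path, ignore):
        return []
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, severity, rx in RULES:
            for m in rx.finditer(line):
                g = 1 if m.lastindex else 0  # report the captured secret when there is one
                findings.append({"path": path, "line": lineno, "column": m.start(g) + 1,
                                 "type": kind, "severity": severity,
                                 "preview": preview(m.group(g))})
    return findings

# Constructed sample input: line 4 is a documentation placeholder, not a live credential.
SAMPLE = '''DB_USER = "app"
password = "hunter2-prod"
headers = {"Authorization": "Bearer abcdef0123456789"}
password = "changeme"  # placeholder used in the README
'''

if __name__ == "__main__":
    for f in scan_text("config.py", SAMPLE, ignore=["*.pem", "docs/*"]):
        print(f"{f['path']}:{f['line']}:{f['column']} [{f['severity']}] {f['type']} {f['preview']}")
```

The placeholder on line 4 is reported exactly like the real credential on line 2, which is why findings need human triage and why ignore globs help cut noise from documentation paths.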

Download files

Source Distribution

checsum-0.1.4.tar.gz (10.1 kB)

Uploaded Source

Built Distribution

checsum-0.1.4-py3-none-any.whl (10.4 kB)

Uploaded Python 3

File details

Details for the file checsum-0.1.4.tar.gz.

File metadata

  • Download URL: checsum-0.1.4.tar.gz
  • Upload date:
  • Size: 10.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.4.tar.gz
Algorithm Hash digest
SHA256 167928228af47569cae153d5c34e2df06e6b935dee6f8170edcc533cb32f74c1
MD5 a854fe6eb0be4d6a458ee0d76b68d2ab
BLAKE2b-256 74c31bdcb5a76b8130756a37afc18f65fbcd640e78b267197562ed222b01b887

File details

Details for the file checsum-0.1.4-py3-none-any.whl.

File metadata

  • Download URL: checsum-0.1.4-py3-none-any.whl
  • Upload date:
  • Size: 10.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 375427083c1c9c59a848982c25da65677e337382f8ab6f3a12005678ffe833f5
MD5 91595cdf824e9e43be8b1408e2a5b95c
BLAKE2b-256 a817c9904c0f83d52f95f44c4847dd66d9afdfaf34c272d0df967b31a5331f27
