Scan repositories for potential usernames, passwords, tokens, and other secrets.

Project description

checsum

checsum scans your project for potential secrets before code is pushed to Git. It detects common patterns such as usernames, passwords, API tokens, private keys, and authorization headers, then generates a full HTML report with:

  • file name
  • exact location (line and column)
  • finding type
  • matched value (or preview)

Install

pip install checsum

For local development:

pip install -e .

Usage

Scan the current directory and create an HTML report:

checsum --path . --output checsum-report.html

Fail CI if possible secrets are found:

checsum --path . --fail-on-findings

Ignore additional globs:

checsum --path . --ignore "*.pem" --ignore "docs/*"

Example Output

The report includes:

  • scan timestamp
  • root path scanned
  • total files and findings
  • grouped breakdown by finding type
  • detailed table of each hit with path, line, column, severity, and extracted snippet

Use as a pre-push safety check

Create .git/hooks/pre-push:

#!/usr/bin/env bash
set -euo pipefail
checsum --path . --output checsum-report.html --fail-on-findings

Then make it executable:

chmod +x .git/hooks/pre-push

Notes

checsum is a heuristic scanner. It can produce false positives and should be used as an early warning signal, not a replacement for secret management best practices.
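To make the report fields and the false-positive caveat concrete, here is an added sketch of heuristic pattern matching. It is not checsum's code: the rules, `Finding`, `redact`, `scan_text` and the sample input are assumptions constructed for illustration. It reports line, column, type and a redacted preview, and it flags a placeholder password to show how a false positive arises.

```python
import re
from dataclasses import dataclass

# Illustrative rules only (assumed for this example, not checsum's rule set).
RULES = [
    ("private_key", "high", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("authorization_header", "high",
     re.compile(r"(?i)authorization\s*:\s*(?:bearer|basic)\s+([A-Za-z0-9._~+/=-]{8,})")),
    ("password_assignment", "medium",
     re.compile(r"""(?i)\b(?:password|passwd|pwd)\b\s*[:=]\s*["']([^"']{4,})["']""")),
    ("api_token", "medium",
     re.compile(r"""(?i)\b(?:api[_-]?key|token)\b\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""")),
]

@dataclass
class Finding:
    path: str
    line: int      # 1-based line number
    column: int    # 1-based column where the matched value starts
    kind: str
    severity: str
    preview: str   # redacted, so the report does not store the full secret

def redact(value: str, keep: int = 4) -> str:
    # Keep only the first few characters; mask the rest.
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan_text(path: str, text: str) -> list[Finding]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, severity, pattern in RULES:
            for m in pattern.finditer(line):
                group = m.lastindex or 0  # captured value if any, else whole match
                findings.append(Finding(path, lineno, m.start(group) + 1, kind,
                                        severity, redact(m.group(group))))
    return findings

# Constructed sample input; none of these values are real credentials.
SAMPLE = '''\
DB_USER = "svc_app"
password = "hunter2-not-real"
password = "<your-password-here>"
headers = {"Authorization": "..."}
curl -H "Authorization: Bearer abcDEF123456.constructed"
'''

if __name__ == "__main__":
    for f in scan_text("settings.py", SAMPLE):
        print(f"{f.path}:{f.line}:{f.column} [{f.severity}] {f.kind} {f.preview}")
```

The third sample line is a documentation placeholder, yet it matches the same rule as the second line. A pattern-based scanner cannot tell the two apart, which is why findings need human review.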

Download files

Source Distribution

checsum-0.1.1.tar.gz (7.3 kB view details)

Uploaded Source

Built Distribution

checsum-0.1.1-py3-none-any.whl (7.5 kB view details)

Uploaded Python 3

File details

Details for the file checsum-0.1.1.tar.gz.

File metadata

  • Download URL: checsum-0.1.1.tar.gz
  • Upload date:
  • Size: 7.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.1.tar.gz
Algorithm Hash digest
SHA256 228397d42930a351b950a64c2e9c2ae2e28b3b27eb078defeb9ebaa2f7d9b27c
MD5 83dd0489306072ddd0a2eef05ae0ba2a
BLAKE2b-256 7bfdd79d3c65af375d47eee2942c7af4af1688a0c25a05c62b4daa68bb885f28

File details

Details for the file checsum-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: checsum-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 8485d1f1344d86716298e5eb19f8649b8432e5c8441df0870778d9ae9a9cfcdc
MD5 8772176b106dc56b70a897a99b96a9ce
BLAKE2b-256 d752cf1e08c4d451b144388c14b07d8466da5aa6ce9acc5b2373cd3b9595644c
