
Scan repositories for potential usernames, passwords, tokens, and other secrets.

Project description

checsum

checsum scans your project for potential secrets before code is pushed to Git. It detects common patterns such as usernames, passwords, API tokens, private keys, and authorization headers, then generates a full HTML report with:

  • file name
  • exact location (line and column)
  • finding type
  • matched value (or preview)

Install

pip install checsum

Usage

Scan the current directory and create an HTML report:

checsum --path . --output checsum-report.html

Fail CI if possible secrets are found:

checsum --path . --fail-on-findings

Ignore additional globs:

checsum --path . --ignore "*.pem" --ignore "docs/*"

Example Output

The report includes:

  • scan timestamp
  • root path scanned
  • total files and findings
  • grouped breakdown by finding type
  • detailed table of each hit with path, line, column, severity, and extracted snippet

Use as a pre-push safety check

Create .git/hooks/pre-push:

#!/usr/bin/env bash
# Pre-push hook: a non-zero exit from this script makes Git abort the push.
set -euo pipefail
checsum --path . --output checsum-report.html --fail-on-findings

Then make it executable:

chmod +x .git/hooks/pre-push

Notes

checsum is a heuristic scanner. It can produce false positives and should be used as an early warning signal, not a replacement for secret management best practices.
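
To illustrate what a heuristic, pattern-based scan of this kind reports and why it produces false positives, here is an added example. It is not checsum's code: the rules, function names and sample text are assumptions constructed for illustration. In the sample, the environment lookup on line 3 is not flagged, while the placeholder on line 5 is.

```python
import re

# Illustrative rules only: assumed for this example, not checsum's rule set.
# Group 1, when present, captures the credential itself.
RULES = [
    ("private_key",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("authorization_header",
     re.compile(r"\bauthorization[\"']?\s*[:=]\s*[\"']?(?:bearer|basic)\s+"
                r"([A-Za-z0-9._~+/=-]{8,})", re.I)),
    ("password_assignment",
     re.compile(r"(?:password|passwd|pwd)\s*[:=]\s*[\"']([^\"'\s]{4,})[\"']", re.I)),
]

# Constructed sample input; none of these values are real credentials.
SAMPLE = '''\
import os
DB_PASSWORD = "s3cr3t-Pa55"
password = os.environ["DB_PASSWORD"]
headers = {"Authorization": "Bearer abcDEF123456.ghi"}
example_password = "changeme"
'''


def preview(value, keep=4):
    """Mask the value so the report is not a second copy of the secret."""
    return value[:keep] + "***"


def scan_text(path, text):
    """Return findings with 1-based line/column, type and masked preview."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in RULES:
            for m in pattern.finditer(line):
                findings.append({
                    "file": path,
                    "line": lineno,
                    "column": m.start() + 1,
                    "type": kind,
                    "preview": preview(m.group(m.lastindex or 0)),
                })
    return findings


if __name__ == "__main__":
    # Line 5 is a placeholder that still matches: a false positive to triage.
    for f in scan_text("settings.py", SAMPLE):
        print(f"{f['file']}:{f['line']}:{f['column']} {f['type']} {f['preview']}")
```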


Source Distribution

checsum-0.1.3.tar.gz (7.3 kB)

Uploaded Source

Built Distribution

checsum-0.1.3-py3-none-any.whl (7.5 kB)

Uploaded Python 3

File details

Details for the file checsum-0.1.3.tar.gz.

File metadata

  • Download URL: checsum-0.1.3.tar.gz
  • Upload date:
  • Size: 7.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.3.tar.gz
Algorithm Hash digest
SHA256 68f23a6474c55ec0e0603ffbe1373ecf6696b1ee81326fa28e0fcb13c2393a5e
MD5 ad3d625c83b85043b73a3e17c5c013d3
BLAKE2b-256 c3143219ca18de086d57ca7938826e0d57345178e857f71beda19687b460ed86

File details

Details for the file checsum-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: checsum-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 7.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.0

File hashes

Hashes for checsum-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 9d0924cff96d3232157025d0f844a23bd61b47caf5a41c230d58c607439ea8b7
MD5 be637a376294eb2dd47f9e19e5e2308d
BLAKE2b-256 004d3c5290bfc619fcdd448b90ae5aceaeef2107036ae0743694bec77e726a57
