Scans the code for security leaks

Project description

Codescan

Codescan is a Python utility for checking code for credentials that may be leaked by committing them into a repository.

As a best practice, developers should not commit any credentials to a git repository, whether private or public. During the course of development, there are instances where credentials are hard-coded into the code for quick testing or troubleshooting.

Executing codescan before pushing to the remote repository lets us check whether there are any hard-coded security leaks in the code, so we can make the necessary adjustments.

Installation

Use the package manager pip to install codescan.

pip install codescan

or

pip3 install codescan

Usage

Codescan uses python3. In some environments the python command already links to python3. You can check your version of python with:

python --version

---- Output ----
Python 3.x.y

If your output is Python 2.x.y, use the python3 command to execute the codescan module.

Scan the current directory (it must be git initialized):

python -m codescan

python3 -m codescan

By default codescan checks the current working directory and looks at the "git status" results for staged files. The staged files are then scanned for possible credential leaks.

To do a full scan, specify the -f flag and the -i [ignore file] option:

python -m codescan -f -i .gitignore

python3 -m codescan -f -i .gitignore

The full scan goes through all the files in the current directory and checks for security leaks. An ignore file needs to be specified so that codescan skips third-party directories such as vendor or node_modules. The .gitignore file can be used, or a separate ignore file can be specified.
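To make the staged-file and ignore-file behaviour described above concrete, here is an added, self-contained sketch of that workflow in Python. It is not codescan's own code: the detection patterns, the simplified .gitignore matching and the sample "git status --porcelain" listing and file contents are all constructed for illustration.

```python
# Illustrative staged-file credential scan; NOT codescan's own code, only a sketch of
# the README workflow: staged files from `git status`, an ignore file, secret patterns.
import fnmatch
import re

PATTERNS = {  # constructed patterns; codescan's real rule set is not documented here
    "aws_access_key_id": re.compile(r"AKIA[0-9A-Z]{16}"),
    "generic_secret": re.compile(
        r"(?i)(password|secret|api[_-]?key|token)\s*[=:]\s*['\"][^'\"]{8,}['\"]"),
}

def staged_files(porcelain):
    """Paths staged in the index, parsed from `git status --porcelain` (XY PATH lines)."""
    paths = []
    for line in porcelain.splitlines():
        if len(line) > 3 and line[0] in "MARC":  # column X = index (staged) status
            path = line[3:]
            if " -> " in path:                   # a rename is shown as "old -> new"
                path = path.split(" -> ", 1)[1]
            paths.append(path)
    return paths

def ignored(path, ignore_text):
    """Simplified .gitignore matching: 'dir/' prefixes and shell globs, '#' comments."""
    pats = [p.strip() for p in ignore_text.splitlines() if p.strip() and not p.startswith("#")]
    return any(("/" + p) in ("/" + path) if p.endswith("/")
               else fnmatch.fnmatch(path, p) or fnmatch.fnmatch(path.rsplit("/", 1)[-1], p)
               for p in pats)

def scan(porcelain, ignore_text, contents):
    """Return (path, line_no, rule) for each staged, non-ignored line that matches a rule."""
    findings = []
    for path in staged_files(porcelain):
        if ignored(path, ignore_text) or path not in contents:
            continue
        for no, line in enumerate(contents[path].splitlines(), 1):
            findings += [(path, no, rule) for rule, rx in PATTERNS.items() if rx.search(line)]
    return findings

# Constructed sample (no real repo): a porcelain listing plus the files' contents.
PORCELAIN = ("M  app/config.py\nA  scripts/deploy.sh\n M README.md\n?? notes.txt\n"
             "R  old_settings.py -> app/settings.py\nM  node_modules/left-pad/index.js\n")
CONTENTS = {
    "app/config.py": 'DEBUG = True\nAWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n',
    "scripts/deploy.sh": 'export DB_PASSWORD="hunter2hunter2"\n',
    "app/settings.py": 'SECRET_KEY = os.environ["SECRET_KEY"]\n',  # read from env: clean
    "README.md": 'password: "not-staged-so-not-scanned"\n',        # unstaged: skipped
    "node_modules/left-pad/index.js": 'var token = "abcdefghijklmnop";\n',  # ignored
}
IGNORE = "# third-party code\nnode_modules/\n*.min.js\n"

def demo():
    return scan(PORCELAIN, IGNORE, CONTENTS)
```

Running demo() reports only the two staged files that hard-code a secret; the value read from the environment, the unstaged README.md and the ignored node_modules path are not flagged.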

Git Integration

To integrate codescan into every git commit, we can take advantage of git hooks.

Create a pre-commit file under .git/hooks inside your code directory and put the following code in it:

#!/bin/bash
# pre-commit hook: run codescan against the staged files
python3 -m codescan

Make the file executable:

chmod +x .git/hooks/pre-commit

This script will execute every time you run the git commit command. It will then show whether there are any security leaks in the committed code and give you time to correct them before pushing to the repository.

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License

MIT


Download files

Source Distribution

codescan-0.2.0.tar.gz (5.5 kB)

Built Distribution

codescan-0.2.0-py3-none-any.whl (6.6 kB)

File details

Details for the file codescan-0.2.0.tar.gz.

File metadata

  • Download URL: codescan-0.2.0.tar.gz
  • Size: 5.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.0 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.6

File hashes

Hashes for codescan-0.2.0.tar.gz
Algorithm Hash digest
SHA256 f7c722b45deff7100ad61f9c897fb52c85637022a2dd45e6eecaef584d707200
MD5 5fedf673d754bff3045af56bb09d70d1
BLAKE2b-256 2bc15f770de7e033be1d94bcd8eec73019f4c955c4f2e90a3c9a2af8340ea18b

File details

Details for the file codescan-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: codescan-0.2.0-py3-none-any.whl
  • Size: 6.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.7.0 importlib_metadata/4.8.2 pkginfo/1.8.2 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.9.6

File hashes

Hashes for codescan-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 42eed5c43437211047b4286dc86eeaab5e0e63177e893188adb227a7efa352d0
MD5 fe74a84c3afcd00e20b05b4d2fc3a79d
BLAKE2b-256 16e905571b8e07311a15eea4caf7bada7737e100b024ab30139b630a44ce7fe2
