Scans the code for security leaks
Project description
Codescan
Codescan is a Python utility that checks code for possible security credential leaks that might otherwise be committed into a repository.
As a best practice, developers should not commit any credentials to a git repository, be it private or public. There are instances during the course of development where credentials are hard coded into the code, either for quick testing or for troubleshooting.
Executing codescan before pushing to the remote repository lets us check whether there are any hardcoded security leaks in the code, so we can make the necessary adjustments.
Installation
Use the package manager pip to install codescan.
pip install codescan
or
pip3 install codescan
Usage
Codescan uses Python 3. In some environments, the python command already links to python3. You can check your version of Python with:
python --version
---- Output ----
Python 3.x.y
If your output is Python 2.x.y, use the python3 command to execute the codescan module.
Scan the current, git-initialized directory:
python -m codescan
python3 -m codescan
By default, codescan checks the current working directory and looks at the "git status" results for staged files. The staged files are then scanned for possible credential leaks.
To do a full scan, specify the -f flag and the -i [ignore file] option:
python -m codescan -f -i .gitignore
python3 -m codescan -f -i .gitignore
The full scan goes through all the files in the current directory and checks them for security leaks. An ignore file needs to be specified so that codescan skips third-party directories such as vendor or node_modules. The .gitignore file can be used, or a separate ignore file can be specified.
Git Integration
To integrate codescan into every git commit, we can take advantage of git hooks.
Create a pre-commit file under .git/hooks inside your code directory and put the following code in it:
#!/bin/bash
# Scan the staged files before the commit is recorded
python3 -m codescan
Make the file executable:
chmod +x .git/hooks/pre-commit
This script will run every time the git commit command is executed. It will then show whether there are any security leaks in the committed code and give you time to correct them before pushing to the repository.
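The following is an added example, not codescan's own code, showing the mechanics the sections above describe: discovering staged files from "git status --porcelain" (the default mode), skipping paths listed in an ignore file (the -f / -i full-scan mode), and exiting non-zero from a pre-commit hook so git aborts the commit when a finding is reported. Everything in it is an assumption about how such a scanner can be built: the three regular expressions are illustrative (codescan's real rule set is not documented on this page), the ignore matching is a deliberately simplified version of .gitignore semantics, and the sample porcelain output and source text are constructed for the demonstration.

```python
#!/usr/bin/env python3
"""Minimal pre-commit credential scanner in the style of codescan (illustrative only).

Assumptions (none of this is codescan's own code or rule set):
  * staged files are read from `git status --porcelain`;
  * PATTERNS are example rules, not a complete or authoritative set;
  * is_ignored() implements only a subset of .gitignore matching.
"""
import fnmatch
import re
import subprocess
import sys
from pathlib import Path

# Illustrative detection rules (assumption: codescan's actual rules are not on the page).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # a quoted literal of 4+ characters assigned to something named password/passwd/secret
    "password_assignment": re.compile(r"""(?i)(?:password|passwd|secret)\s*[:=]\s*['"][^'"]{4,}['"]"""),
}

# Constructed sample of `git status --porcelain` output used by demo() and the test.
SAMPLE_PORCELAIN = """\
M  app/config.py
 M README.md
A  secrets/key.pem
D  old.txt
R  lib/a.py -> lib/b.py
?? scratch.txt
"""

# Constructed sample source file. The AKIA value is the example key from AWS documentation.
SAMPLE_SOURCE = """\
DB_PASSWORD = "hunter2pass"
aws_key = "AKIAIOSFODNN7EXAMPLE"
-----BEGIN RSA PRIVATE KEY-----
password = os.environ["DB_PASSWORD"]
"""


def staged_files(porcelain):
    """Return paths staged in the index from porcelain output.

    Column 1 is the index (staged) status, column 2 the worktree status. Unstaged,
    untracked, ignored and staged-deletion entries are skipped; renames and copies
    ("R old -> new") yield the new path.
    """
    paths = []
    for line in porcelain.splitlines():
        if len(line) < 4:
            continue
        index_status, path = line[0], line[3:]
        if index_status in (" ", "?", "!", "D"):
            continue
        if index_status in ("R", "C") and " -> " in path:
            path = path.split(" -> ", 1)[1]
        paths.append(path)
    return paths


def is_ignored(path, ignore_patterns):
    """Simplified .gitignore matching (assumption): a pattern matches the whole path
    or any single path component; shell wildcards only, no negation or anchoring."""
    parts = Path(path).parts
    for pat in ignore_patterns:
        pat = pat.strip().rstrip("/")
        if not pat or pat.startswith("#"):
            continue
        if fnmatch.fnmatch(path, pat) or any(fnmatch.fnmatch(p, pat) for p in parts):
            return True
    return False


def scan_text(path, text):
    """Return (path, line_number, rule_name) for every line matching a rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((path, lineno, name))
    return findings


def scan_paths(paths, ignore_patterns=()):
    """Scan files on disk, skipping ignored and unreadable ones."""
    findings = []
    for p in paths:
        if is_ignored(p, list(ignore_patterns)):
            continue
        try:
            text = Path(p).read_text(errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(p, text))
    return findings


def demo():
    """Offline demonstration over the constructed samples (no git or files needed)."""
    paths = [p for p in staged_files(SAMPLE_PORCELAIN) if not is_ignored(p, ["node_modules/"])]
    return paths, scan_text("app/config.py", SAMPLE_SOURCE)


def main(argv=None):
    """Hook entry point: scan staged (or, with -f, all) files; exit 1 on any finding."""
    argv = sys.argv[1:] if argv is None else argv
    ignore = Path(argv[argv.index("-i") + 1]).read_text().splitlines() if "-i" in argv else []
    if "-f" in argv:
        paths = [str(p) for p in Path(".").rglob("*") if p.is_file() and ".git" not in p.parts]
    else:
        out = subprocess.run(["git", "status", "--porcelain"], capture_output=True, text=True, check=True)
        paths = staged_files(out.stdout)
    findings = scan_paths(paths, ignore)
    for path, lineno, rule in findings:
        print(f"{path}:{lineno}: possible credential leak ({rule})", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Saved as .git/hooks/pre-commit and made executable, the script's non-zero exit aborts the commit, which is the git semantics a blocking hook relies on. The last sample line reads the password from the environment rather than a literal and produces no finding, which is the shape the code should take after a hit is corrected.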
Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
License