Skip to main content

Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.

Project description

compliance-scanner

Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.

Installation

# From PyPI (when published)
pip install compliance-scanner

# From source
git clone https://github.com/naufal/compliance-scanner.git
cd compliance-scanner
pip install .

Usage

# Scan current directory
compliance-scanner .

# Scan specific path
compliance-scanner /path/to/project

# Local only (no online upload)
compliance-scanner . --no-upload

# JSON output
compliance-scanner . --json --output report.json

# Custom expiry for online report
compliance-scanner . --expiry 7

# Ignore additional directories
compliance-scanner . --ignore .env,.secrets

# Scan only Python files
compliance-scanner . --file-glob "*.py"

# Quiet mode
compliance-scanner . -q

What It Detects

  • High-entropy strings (potential API keys, tokens)
  • Variable assignments with secrets (API_KEY=..., SECRET=...)
  • JWT tokens (eyJ...)
  • AWS access keys (AKIA...)
  • GitHub tokens (ghp_..., gho_..., ghs_...)
  • Slack tokens (xoxb-..., xoxp-...)
  • Stripe keys (sk_live_..., pk_live_...)
  • Google API keys (AIza...)
  • Base64-encoded strings
  • Generic long alphanumeric strings

Output

Terminal

============================================================
COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
============================================================

Scan root      : /path/to/project
Files scanned  : 42

STATUS: 3 POTENTIAL FINDINGS
Showing top 3 by score

Rank     : 1
Score    : 200
Variable : API_KEY
Value    : sk_live_abc123...
File     : /path/to/config.py
Line     : 15
------------------------------------------------------------

Online Report

Reports are uploaded to dpaste.org with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.

JSON

{
  "scan_root": "/path/to/project",
  "files_scanned": 42,
  "total_findings": 3,
  "status": "findings_detected",
  "findings": [...]
}

Exit Codes

  • 0 — Clean (no findings)
  • 1 — Findings detected

Use in CI/CD:

compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

compliance_scanner-1.0.0.tar.gz (8.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

compliance_scanner-1.0.0-py3-none-any.whl (9.3 kB view details)

Uploaded Python 3

File details

Details for the file compliance_scanner-1.0.0.tar.gz.

File metadata

  • Download URL: compliance_scanner-1.0.0.tar.gz
  • Upload date:
  • Size: 8.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for compliance_scanner-1.0.0.tar.gz
Algorithm Hash digest
SHA256 44279b828148c144c7d5b096a4afd292d827e6b7321997ac6edc4d53220a9876
MD5 636dddfad598d52e4b7f201c6efd8f43
BLAKE2b-256 f0ce24c8ba3ca4061ae02cdeb5502c622b16a998b31db8173b1f911f118acdbe

See more details on using hashes here.

File details

Details for the file compliance_scanner-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for compliance_scanner-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d9a1c473de0d78da2aaeb76ce29902444d067804e5a8c2d9f832b369c9250eff
MD5 b2c7026b519689af55fb696c6dbf9219
BLAKE2b-256 59ed95003c2246c07216f6d3d0562d22526118471498ce22a54daee6a406d6f2

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page