Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
Project description
compliance-scanner
Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
Installation
# From PyPI (when published)
pip install compliance-scanner
# From source
git clone https://github.com/naufal/compliance-scanner.git
cd compliance-scanner
pip install .
Usage
# Scan current directory
compliance-scanner .
# Scan specific path
compliance-scanner /path/to/project
# Local only (no online upload)
compliance-scanner . --no-upload
# JSON output
compliance-scanner . --json --output report.json
# Custom expiry for online report
compliance-scanner . --expiry 7
# Ignore additional directories
compliance-scanner . --ignore .env,.secrets
# Scan only Python files
compliance-scanner . --file-glob "*.py"
# Quiet mode
compliance-scanner . -q
What It Detects
- High-entropy strings (potential API keys, tokens)
- Variable assignments with secrets (
API_KEY=...,SECRET=...) - JWT tokens (
eyJ...) - AWS access keys (
AKIA...) - GitHub tokens (
ghp_...,gho_...,ghs_...) - Slack tokens (
xoxb-...,xoxp-...) - Stripe keys (
sk_live_...,pk_live_...) - Google API keys (
AIza...) - Base64-encoded strings
- Generic long alphanumeric strings
Output
Terminal
============================================================
COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
============================================================
Scan root : /path/to/project
Files scanned : 42
STATUS: 3 POTENTIAL FINDINGS
Showing top 3 by score
Rank : 1
Score : 200
Variable : API_KEY
Value : sk_live_abc123...
File : /path/to/config.py
Line : 15
------------------------------------------------------------
Online Report
Reports are uploaded to dpaste.org with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.
JSON
{
"scan_root": "/path/to/project",
"files_scanned": 42,
"total_findings": 3,
"status": "findings_detected",
"findings": [...]
}
Exit Codes
0— Clean (no findings)1— Findings detected
Use in CI/CD:
compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file compliance_scanner-1.0.0.tar.gz.
File metadata
- Download URL: compliance_scanner-1.0.0.tar.gz
- Upload date:
- Size: 8.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44279b828148c144c7d5b096a4afd292d827e6b7321997ac6edc4d53220a9876
|
|
| MD5 |
636dddfad598d52e4b7f201c6efd8f43
|
|
| BLAKE2b-256 |
f0ce24c8ba3ca4061ae02cdeb5502c622b16a998b31db8173b1f911f118acdbe
|
File details
Details for the file compliance_scanner-1.0.0-py3-none-any.whl.
File metadata
- Download URL: compliance_scanner-1.0.0-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d9a1c473de0d78da2aaeb76ce29902444d067804e5a8c2d9f832b369c9250eff
|
|
| MD5 |
b2c7026b519689af55fb696c6dbf9219
|
|
| BLAKE2b-256 |
59ed95003c2246c07216f6d3d0562d22526118471498ce22a54daee6a406d6f2
|