Scan any repo for security nightmares in 30 seconds
🛡️ ShieldMyRepo
Scan any GitHub repo for security nightmares in 30 seconds.
Features • Quick Start • Scanners • Report Card • Badge • Contributing
What is ShieldMyRepo?
ShieldMyRepo is an open-source CLI tool that scans any code repository for security vulnerabilities, misconfigurations, and leaked secrets, then gives it a security grade from A to F with a shareable badge for your README.
Think of it as a security health check for your codebase.
```text
$ shieldmyrepo scan .

🛡️ ShieldMyRepo - Security Report Card
──────────────────────────────────────

Overall Grade: B

┌─────────────────────────┬─────────┬──────────┐
│ Scanner                 │ Status  │ Findings │
├─────────────────────────┼─────────┼──────────┤
│ Secret Detection        │ ✅ PASS │ 0        │
│ Dependencies            │ ⚠️ WARN │ 3        │
│ GitHub Actions          │ ✅ PASS │ 0        │
│ Dockerfile              │ ❌ FAIL │ 2        │
│ Gitignore               │ ⚠️ WARN │ 1        │
└─────────────────────────┴─────────┴──────────┘

Details: reports/shieldmyrepo-report.json
Badge:   reports/shieldmyrepo-badge.svg
```
Features
- Secret Detection: Finds leaked API keys, tokens, passwords, and private keys in your code
- Dependency Scanning: Checks `package.json`, `requirements.txt`, `Cargo.toml`, and `go.mod` for known vulnerabilities
- GitHub Actions Audit: Detects insecure workflow configurations and supply chain risks
- Dockerfile Security: Flags running as root, unpinned base images, secrets in build args
- Gitignore Check: Ensures sensitive files aren't being committed
- A-F Grade Report Card: Beautiful terminal output with actionable recommendations
- Shareable Badge: Generate an SVG badge to show your repo's security grade in your README
- Plugin Architecture: Easy to add new scanners (great for contributors!)
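The Secret Detection feature above works by matching the shape of known credential formats rather than trusting variable names. The block below is an added example of that approach, not ShieldMyRepo's own `scanners/secrets.py`: the pattern set, the `SecretFinding` type, the `pragma: allowlist secret` opt-out marker and the sample settings file are all constructed for this illustration (the AWS values are Amazon's published documentation examples). Note that the report only ever carries a masked form of what it found, so the scanner's own output cannot become a second leak.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Added example (not ShieldMyRepo's own code). Patterns target the *format* of a
# secret rather than a variable name, so a leaked key is found wherever it sits.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # Generic form: a credential-like name assigned a quoted literal of 8+ characters.
    # Deliberately broad; tune it against your repo's false positives.
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}


@dataclass
class SecretFinding:
    rule: str
    line: int
    masked: str  # the report never carries the full secret


def mask(value: str) -> str:
    """Keep enough of the value to locate it in the file; hide the rest."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_text(text: str) -> List[SecretFinding]:
    """Run every pattern over every line and return one finding per match."""
    findings: List[SecretFinding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Explicit opt-out marker for known-fake values (test fixtures, docs).
        if "pragma: allowlist secret" in line:
            continue
        for rule, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                secret = match.group(1) if match.groups() else match.group(0)
                findings.append(SecretFinding(rule, lineno, mask(secret)))
    return findings


# Constructed sample: a settings file committed with real-looking values.
# The AWS values are Amazon's published documentation examples, not live credentials.
SAMPLE_CONFIG = """\
# settings.py
DEBUG = True
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "correct-horse-battery-staple"
PUBLIC_NAME = "shieldmyrepo"
TEST_TOKEN = "not-a-real-token"  # pragma: allowlist secret
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.rule} -> {f.masked}")
```

Running the block reports three findings on lines 3, 4 and 5 of the sample and skips the allow-listed test token; `PUBLIC_NAME` is not flagged because no credential-like name precedes it. The generic pattern is the one that produces false positives in practice (`tokenizer = "..."` also matches), which is why real scanners pair it with an allowlist mechanism like the pragma shown here.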
Quick Start
Installation
```bash
# Clone the repository
git clone https://github.com/DhanushNehru/ShieldMyRepo.git
cd ShieldMyRepo

# Install in development mode
pip install -e .
```
Usage
```bash
# Scan the current directory
shieldmyrepo scan .

# Scan a specific path
shieldmyrepo scan /path/to/your/project

# Scan and generate a badge
shieldmyrepo scan . --badge

# Output report as JSON
shieldmyrepo scan . --format json

# Run only specific scanners
shieldmyrepo scan . --scanners secrets,dockerfile
```
Scanners
ShieldMyRepo uses a modular plugin architecture. Each scanner is a self-contained Python module that can be easily added or modified.
| Scanner | Description | File |
|---|---|---|
| Secrets | Detects leaked API keys, tokens, and passwords | scanners/secrets.py |
| Dependencies | Checks package files for known vulnerabilities | scanners/dependencies.py |
| GitHub Actions | Audits workflow security configurations | scanners/github_actions.py |
| Dockerfile | Analyzes Docker security best practices | scanners/dockerfile.py |
| Gitignore | Validates gitignore coverage | scanners/gitignore.py |
Want to add a new scanner?
Check out our Contributing Guide; adding a scanner is one of the easiest ways to contribute! Each scanner is a single Python file that follows a simple interface.
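To make the "one file, one simple interface" idea concrete, here is an added example of what such a scanner module can look like, written for this page and not taken from ShieldMyRepo's `scanners/dockerfile.py`. The `BaseScanner` and `Finding` types are an assumed interface (the project's real one may differ), and the sample Dockerfile is constructed. The scanner implements the three checks the Dockerfile feature lists: a final stage that still runs as root, a base image without a tag or tagged `latest`, and credential-looking names passed through `ARG` or `ENV` (both of which end up in the image history).

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List

# Added example (not ShieldMyRepo's own code). BaseScanner and Finding are an
# assumed plugin interface written for this example, not the project's real one.


@dataclass
class Finding:
    rule: str
    severity: str  # "high", "medium" or "low"
    line: int
    fix: str       # the actionable recommendation printed on the report card


class BaseScanner:
    """Assumed interface: one module, one class, one scan() over the file's text."""

    name = "base"

    def scan(self, text: str) -> List[Finding]:
        raise NotImplementedError


class DockerfileScanner(BaseScanner):
    """Flags the three problems the Dockerfile feature names: root user,
    unpinned base image, secrets passed through ARG/ENV."""

    name = "dockerfile"
    SECRET_NAME = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)")

    def scan(self, text: str) -> List[Finding]:
        findings: List[Finding] = []
        last_from_line = 0
        user = "root"  # a stage runs as root unless a USER instruction changes it
        for lineno, raw in enumerate(text.splitlines(), start=1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            instr, _, rest = line.partition(" ")
            instr, rest = instr.upper(), rest.strip()
            if instr == "FROM":
                last_from_line, user = lineno, "root"  # each stage starts over as root
                image = rest.split()[0]                 # drop "AS <stage>"
                if image != "scratch" and not self._pinned(image):
                    findings.append(Finding("unpinned_base_image", "medium", lineno,
                                            "pin the base image to a tag, ideally a digest"))
            elif instr == "USER":
                user = rest.split(":")[0]               # "USER app:app" -> "app"
            elif instr in ("ARG", "ENV"):
                # ARG values show up in `docker history`; ENV values ship inside the image.
                keys = [tok.split("=", 1)[0] for tok in rest.split()]
                for key in keys:
                    if self.SECRET_NAME.search(key):
                        findings.append(Finding(f"secret_in_{instr.lower()}", "high", lineno,
                                                f"pass {key} at runtime or use a build secret mount"))
                        break
        if last_from_line and user in ("root", "0"):
            findings.append(Finding("runs_as_root", "high", last_from_line,
                                    "add a non-root USER before the final CMD/ENTRYPOINT"))
        return sorted(findings, key=lambda f: f.line)

    @staticmethod
    def _pinned(image: str) -> bool:
        """A digest is pinned; a tag other than 'latest' is treated as pinned too."""
        if "@" in image:
            return True
        ref = image.rsplit("/", 1)[-1]        # strip registry/namespace (may contain ':port')
        if ":" not in ref:
            return False                      # no tag at all means implicit 'latest'
        return ref.split(":", 1)[1] != "latest"


# Constructed sample: a two-stage build with all three problems in the final stage.
SAMPLE_DOCKERFILE = """\
FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt

FROM python:latest
ARG PIP_INDEX_TOKEN
ENV DB_PASSWORD=hunter2
COPY --from=builder /app /app
CMD ["python", "app.py"]
"""

if __name__ == "__main__":
    for f in DockerfileScanner().scan(SAMPLE_DOCKERFILE):
        print(f"[{f.severity.upper()}] line {f.line}: {f.rule} -> {f.fix}")
```

Two design points carry over to any scanner written against an interface like this. The root check is evaluated once per stage rather than per line, because only the final stage's effective user matters and a `USER` in the builder stage does not protect the runtime image. And the registry split in `_pinned` happens on the last path segment, so a registry with a port (`registry.example:5000/team/app`) is not mistaken for a tagged image.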
Report Card
ShieldMyRepo generates a beautiful report card with:
- Overall Grade (A-F) based on weighted scanner results
- Per-scanner status (PASS / WARN / FAIL)
- Finding count with severity levels
- Actionable recommendations for each finding
- JSON export for CI/CD integration
Grading Scale
| Grade | Score Range | Description |
|---|---|---|
| A | 90-100 | Excellent: minimal security concerns |
| B | 80-89 | Good: a few minor issues |
| C | 70-79 | Fair: some issues need attention |
| D | 60-69 | Poor: significant security gaps |
| F | 0-59 | Critical: immediate action required |
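The report card combines per-scanner status, severity-weighted finding counts and the grade thresholds above. The block below is an added worked example of one way those pieces can fit together; it is not ShieldMyRepo's grading algorithm. Only the A-F score ranges come from the table; the scanner weights, the per-severity penalties and the sample results are constructed, chosen so that the sample reproduces the B grade and the PASS/WARN/FAIL rows from the report card shown at the top of the page.

```python
from __future__ import annotations

from typing import Dict, List, Tuple

# Added example (not ShieldMyRepo's own code). Only the grade thresholds are from
# the grading scale above; weights, penalties and sample results are constructed.

# Constructed: share of the overall score each scanner contributes (sums to 1.0).
SCANNER_WEIGHTS = {
    "secrets": 0.35,
    "dependencies": 0.20,
    "github_actions": 0.15,
    "dockerfile": 0.15,
    "gitignore": 0.15,
}
# Constructed: points removed from a scanner's 100-point score per finding.
SEVERITY_PENALTY = {"high": 40, "medium": 15, "low": 5}
# From the grading scale: the lowest score that still earns each grade.
GRADE_FLOORS = [("A", 90), ("B", 80), ("C", 70), ("D", 60), ("F", 0)]


def scanner_status(severities: List[str]) -> str:
    """PASS with no findings, FAIL if any finding is high, otherwise WARN."""
    if not severities:
        return "PASS"
    return "FAIL" if "high" in severities else "WARN"


def scanner_score(severities: List[str]) -> int:
    """100 points minus the penalty for every finding, never below zero."""
    return max(0, 100 - sum(SEVERITY_PENALTY[s] for s in severities))


def overall_score(results: Dict[str, List[str]]) -> int:
    """Weighted average of per-scanner scores; a scanner with no entry counts as clean."""
    return round(sum(w * scanner_score(results.get(name, []))
                     for name, w in SCANNER_WEIGHTS.items()))


def grade_for(score: int) -> str:
    for grade, floor in GRADE_FLOORS:
        if score >= floor:
            return grade
    return "F"


def report_card(results: Dict[str, List[str]]) -> Tuple[str, int, Dict[str, Tuple[str, int]]]:
    """Return (grade, score, {scanner: (status, finding_count)})."""
    per_scanner = {name: (scanner_status(sev), len(sev)) for name, sev in results.items()}
    score = overall_score(results)
    return grade_for(score), score, per_scanner


# Constructed sample mirroring the report card shown in the introduction:
# the severity of each finding is keyed by scanner name.
SAMPLE_RESULTS = {
    "secrets": [],
    "dependencies": ["medium", "medium", "low"],
    "github_actions": [],
    "dockerfile": ["high", "medium"],
    "gitignore": ["low"],
}

if __name__ == "__main__":
    grade, score, rows = report_card(SAMPLE_RESULTS)
    print(f"Overall Grade: {grade} ({score}/100)")
    for name, (status, count) in rows.items():
        print(f"  {name:<15} {status:<5} {count}")
```

With these constructed weights the sample scores 84, which the grading scale maps to B; a single high-severity Dockerfile finding is enough to turn that scanner's row to FAIL even though the overall grade stays in the "good" band, which is the reason a report card shows both the per-scanner status and the aggregate.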
Badge
Add a security grade badge to your project's README:

Run shieldmyrepo scan . --badge to generate an SVG badge in the reports/ directory.
Tech Stack
- Python 3.8+: Core CLI and scanner engine
- Click: CLI framework
- Rich: Beautiful terminal output
- PyYAML: YAML parsing for workflows and configs
Contributing
We love contributions! ShieldMyRepo is designed to be contributor-friendly:
- Easy: Add a new secret detection pattern
- Medium: Build a new scanner module
- Hard: Improve the grading algorithm
Check out our Contributing Guide to get started. Look for issues tagged with good first issue or help wanted.
Contributors
License
This project is licensed under the MIT License; see the LICENSE file for details.
Star History
If you find ShieldMyRepo useful, please consider giving it a star! It helps others discover the project.
Made with ❤️ by Dhanush Nehru
File details
Details for the file shieldmyrepo-0.1.0.tar.gz.
File metadata
- Download URL: shieldmyrepo-0.1.0.tar.gz
- Upload date:
- Size: 21.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6c332a2856cb54c5146dfffe27455aa8d9696eb8db68b75230f51ab8ec8d6b98 |
| MD5 | c9d50808349f1d8ef18c33d6b8be07d3 |
| BLAKE2b-256 | cc7f4f9dab8db396e692eaa2027233ce27f4bdf5149f6b17be5dae2dfd5b6ead |
File details
Details for the file shieldmyrepo-0.1.0-py3-none-any.whl.
File metadata
- Download URL: shieldmyrepo-0.1.0-py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | e70b28f67d4038bd34ddde9b7d3ff6488b1d5435425112d0bd4ffb226092ee1b |
| MD5 | 1e49cec80cba30942be6695263e8fa5e |
| BLAKE2b-256 | 145e2f83764643a9c79dea5627acf5f1f6692e85f9188746bd7ba8d0e9493c87 |