devsecops-git-guardian

v1.4.0

Published

3 days ago

🛡️ Block secrets, misconfigurations, and vulnerabilities before they reach your repository. Real-time security scanning with inline diagnostics.

0High
0Medium
0Low

vijaypal-singh

security devsecops git scanner secrets docker ci-cd pipeline git-hooks pre-push vscode-extension

🛡️ DevSecOps Git Guardian

Autonomous Security Enforcement for Git Workflows & CI/CD Pipelines

Block insecure code before it reaches your repository. A comprehensive security scanning tool that prevents secrets, misconfigurations, and vulnerabilities from entering your codebase. Available as a VS Code Extension, npm Package, and Docker Image for seamless integration into any development workflow.

✨ Features

🔍 Multi-Scanner Security Engine

Secret Scanner: Detects 50+ patterns (AWS keys, API tokens, database credentials, SSH keys)
Docker Scanner: Finds security issues in Dockerfiles (root user, exposed ports, hardcoded secrets)
Config Scanner: Scans YAML/JSON for misconfigurations (debug mode, insecure settings)

🛡️ Autonomous Enforcement

Git Hook Integration: Blocks git push when violations found
CI/CD Pipeline Integration: Fails builds on security issues
Policy Engine: Configurable severity thresholds (CRITICAL, HIGH, MEDIUM, LOW)

📊 Comprehensive Reporting

HTML Reports with visual dashboard
JSON/CSV exports for automation
Real-time VS Code webview
CI/CD artifact generation

🔧 Auto-Remediation

Automatically secures .gitignore files
Prevents accidental secret commits
Suggests fixes for violations

🚀 Installation

Choose what you need:

Method 1: npm Package - CLI + Git Hooks

# Install globally
npm install -g devsecops-git-guardian

# Or use without installation
npx devsecops-git-guardian

What you get:

✅ CLI scanner with full reports
✅ Git hooks (blocks insecure commits/pushes)
✅ CI/CD integration
✅ Works in any terminal/editor

Auto-setup:

Git hooks install automatically if .git folder exists
No VS Code required!

Method 2: VS Code Extension - Inline Diagnostics

Open VS Code
Go to Extensions (Ctrl+Shift+X)
Search for "DevSecOps Git Guardian"
Click Install

Or install from VS Code Marketplace

What you get:

✅ Real-time inline warnings (red squiggly lines)
✅ Hover to see security details
✅ Auto-scan as you type
✅ Quick fix suggestions

Note: Extension works standalone OR with npm package for git hooks

Method 3: Docker Container - Universal CI/CD

docker pull vijaydevsecops/git-guardian:latest
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

What you get:

✅ Platform-independent scanning
✅ Perfect for Jenkins, GitLab CI, Azure Pipelines
✅ No Node.js required

💡 Which Method Should I Use?

| Use Case | Recommended Method | |----------|-------------------| | Node.js developer | npm package (CLI + hooks) | | VS Code user | Extension only (or both!) | | Want git protection | npm package (for hooks) | | Want inline warnings | VS Code extension | | CI/CD pipeline | npm package OR Docker | | Full experience | npm package + VS Code extension |

🎯 Smart Auto-Setup (npm package only):

Automatically installs git hooks if .git exists
Shows VS Code extension instructions if VS Code detected (optional)
No forced installations - you choose what you want!

🎯 Quick Start

CLI Usage

# Scan current directory
devsecops-scan

# Only critical issues

# Scan specific path
devsecops-scan /path/to/your/project

# Only show critical issues
devsecops-scan --severity CRITICAL

# Generate HTML report
devsecops-scan --format html --output security-report.html

# Auto-fix .gitignore security issues
devsecops-scan --fix

VS Code Extension

Open your project in VS Code
The extension automatically scans files as you edit
View security issues inline with red squiggly lines
Open Command Palette (Ctrl+Shift+P) → DevSecOps: Scan Repository
Ignore specific issues with // @devsecops-ignore or @devsecops-ignore-file

Docker Usage

# Basic scan
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

# With custom options
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest \
  --severity MEDIUM --format json --output /workspace/report.json

🔄 CI/CD Integration

GitHub Actions

name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Security Scan
        run: npx devsecops-scan --severity MEDIUM

GitLab CI

security-scan:
  image: vijaydevsecops/git-guardian:latest
  script:
    - scan $CI_PROJECT_DIR --severity MEDIUM

Jenkins

pipeline {
  agent {
    docker { image 'vijaydevsecops/git-guardian:latest' }
  }
  stages {
    stage('Security') {
      steps {
        sh 'scan . --severity MEDIUM'
      }
    }
  }
}

📊 What It Detects

🔑 Secrets & Credentials (50+ patterns)

AWS Access Keys & Secret Keys
GitHub/GitLab Personal Access Tokens
API Keys (Stripe, Google Cloud, Twilio, SendGrid, etc.)
Database Connection Strings
SSH Private Keys & PEM files
JWT Tokens & OAuth credentials
Hardcoded passwords

🐳 Docker Security Issues

Running as root user
Missing USER directive
Exposed sensitive ports (SSH, MySQL, PostgreSQL, MongoDB, Redis)
Using latest tag instead of pinned versions
Missing HEALTHCHECK
Hardcoded secrets in RUN commands

⚙️ Configuration Misconfigurations

Hardcoded passwords in YAML/JSON
Debug mode enabled in production
SSL/HTTPS disabled
Insecure default values
API keys in config files

⚙️ Configuration

CLI Options

OPTIONS:
  -p, --path <path>          Path to scan (default: current directory)
  -s, --severity <level>     Minimum severity (LOW|MEDIUM|HIGH|CRITICAL)
  -f, --format <format>      Output format (text|json|html|csv)
  -o, --output <file>        Save report to file
  --no-block                 Don't exit with error code on violations
  -v, --verbose              Verbose output
  --fix                      Auto-fix .gitignore security issues
  -h, --help                 Show help
  --version                  Show version

VS Code Settings

{
  "devsecops.autoInstallHooks": true,
  "devsecops.blockOnViolation": true,
  "devsecops.severityThreshold": "medium",
  "devsecops.scanExclusions": [
    "node_modules/**",
    "dist/**",
    "build/**"
  ]
}

📈 Exit Codes

0 - No security violations found ✅
1 - Security violations found (blocks CI/CD) ❌
2 - Scan error occurred ⚠️

🏗️ Architecture

┌─────────────────────────────────────────┐
│         Security Scanner                │
│        (Orchestrator)                   │
└────────────┬────────────────────────────┘
             │
    ┌────────┼────────┐
    │        │        │
    ▼        ▼        ▼
┌────────┐ ┌────────┐ ┌────────┐
│Secret  │ │Docker  │ │Config  │
│Scanner │ │Scanner │ │Scanner │
└────┬───┘ └───┬────┘ └───┬────┘
     │         │          │
     └─────────┼──────────┘
               ▼
      ┌────────────────┐
      │ Policy Engine  │
      │ (BLOCK/ALLOW)  │
      └────────┬───────┘
               ▼
      ┌────────────────┐
      │ Report         │
      │ Generator      │
      └────────────────┘

📚 Documentation

For detailed information, see:

Installation Guide - Complete installation instructions
CI/CD Integration - GitHub Actions, GitLab CI, Jenkins examples
Configuration Options - Full CLI and VS Code settings reference
Security Patterns - Complete list of 50+ detection patterns

🛠️ Development

# Clone repository
git clone https://github.com/vijay-devsecops/git-guardian.git
cd git-guardian

# Install dependencies
npm install

# Build VS Code extension
npm run package

# Build CLI for npm
npm run build:cli

# Build everything
npm run build:all

# Test locally
npm test

🤝 Contributing

Contributions are welcome! Please follow these steps:

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request

Please ensure your code:

Follows the existing code style
Includes appropriate tests
Updates documentation as needed

📝 License

MIT License - Free to use for personal and commercial projects.

🆘 Support & Community

Issues: GitHub Issues - Report bugs or request features
Discussions: GitHub Discussions - Ask questions and share ideas
Email: [email protected]
npm: npm package

⭐ Show Your Support

If DevSecOps Git Guardian helped secure your codebase, please consider:

⭐ Starring the repository on GitHub
📦 Sharing it with your team
🐛 Reporting bugs to help improve the tool
💡 Suggesting new features

🔒 Security

This tool is designed to find security vulnerabilities, but no tool is perfect. If you discover a security issue in DevSecOps Git Guardian itself, please email [email protected] directly rather than opening a public issue.

Built with dedication for the DevSecOps community 🛡️

Published

Vulnerabilities

Links

Maintainers

Keywords

Readme

🛡️ DevSecOps Git Guardian

✨ Features

🚀 Installation

Method 1: npm Package - CLI + Git Hooks

Method 2: VS Code Extension - Inline Diagnostics

Method 3: Docker Container - Universal CI/CD

💡 Which Method Should I Use?

🎯 Quick Start

CLI Usage

VS Code Extension

Docker Usage

🔄 CI/CD Integration

GitHub Actions

GitLab CI

Jenkins

📊 What It Detects

🔑 Secrets & Credentials (50+ patterns)

🐳 Docker Security Issues

⚙️ Configuration Misconfigurations

⚙️ Configuration

CLI Options

VS Code Settings

📈 Exit Codes

🏗️ Architecture

📚 Documentation

🛠️ Development

🤝 Contributing

📝 License

🆘 Support & Community

⭐ Show Your Support

🔒 Security