codespell
ggshield
codespell | ggshield | |
---|---|---|
13 | 22 | |
1,745 | 1,529 | |
2.9% | 1.8% | |
9.6 | 9.6 | |
8 days ago | 7 days ago | |
Python | Python | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
codespell
-
Is there a Python linter that can check spelling and/or grammar?
You probably should use a separate linter for this. I use codespell in Neovim. You can use it from CLI and it is not Python specific.
-
Which code formatter do you use?
This plus codespell. Because we’d look like kindergartners otherwise.
- Typos-CLI – Source code spell checker
- Spellings, Grammer checker for code
- Started a new job and found this gem.
-
Found this in an intro from a gamedev youtuber
I keep making silly tyops like that, so I always add codespell as one of the pre-commit hooks of all the repositories I own.
-
How to fix typos in your code for goods !
codespell
-
Life is Too Short to Review Spaces
codespell checks for typos. We chose this tool because it is based on a list of common typos, which reduces the number of false positives to a minimum.
-
My developer is not a native English speaker -- would it be rude/offensive to fix spelling errors in my apps code? Does it matter?
Something like https://github.com/codespell-project/codespell
-
Chickity-check yo self before you wreck yo self!
--- # .pre-commit-config.yaml # ======================== # # pre-commit clean # pre-commit install # pre-commit install-hooks # # precommit hooks installation # # - pre-commit autoupdate # # - pre-commit run black # # continuous integration # ====================== # # - pre-commit run --all-files # repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.0.1 hooks: - id: trailing-whitespace - id: end-of-file-fixer - id: debug-statements - id: check-merge-conflict - id: sort-simple-yaml - id: fix-encoding-pragma args: ["--remove"] - id: forbid-new-submodules - id: mixed-line-ending args: ["--fix=lf"] description: Forces to replace line ending by the UNIX 'lf' character. - id: check-added-large-files args: ["--maxkb=500"] - id: no-commit-to-branch args: [--branch, master] - id: check-yaml - id: check-json files: ^tests/app/ - id: pretty-format-json args: ["--no-sort-keys", "--autofix"] files: ^tests/app/ - repo: meta hooks: - id: check-hooks-apply - id: check-useless-excludes - repo: https://github.com/ambv/black rev: 21.5b1 hooks: - id: black language_version: python3.9 - repo: https://github.com/PyCQA/bandit rev: 1.7.0 hooks: - id: bandit description: Security oriented static analyser for python code exclude: tests/|scripts/ args: - -s - B101 - repo: https://github.com/codespell-project/codespell rev: v2.1.0 hooks: - id: codespell name: codespell description: Checks for common misspellings in text files. entry: codespell language: python types: [text] - repo: https://github.com/asottile/pyupgrade rev: v2.19.4 hooks: - id: pyupgrade
ggshield
-
Tools for checking your code?
For secrets scanning you can implement ggshield precommit hook. : https://github.com/GitGuardian/ggshield
-
What do i tell him?
I believe you'll get all the information you need on their website
-
Infrastructure as Code Security [Security Zines]
The GitGuardian's CLI, ggshield, was recently updated to support IaC misconfigurations scanning: it's as easy as ggshield iac scan path_to_iac_main_folder.
- GitHub Access Token Exposure
-
How To Use ggshield To Avoid Hardcoded Secrets [cheat sheet included]
If you want to build a configuration from an example, you can find a sample config file at https://github.com/GitGuardian/ggshield/blob/main/.gitguardian.example.yml.
-
Security scanning
I agree that code scanning is really important, the best way to convince others is to identify high-risk threats in source code and present them to the decision-makers. For example, scanning Secrets is great for showing how repositories can be a massive vulnerability and identifying some low-hanging fruit, especially in the git history. Attackers are really after git repository access for this reason and there are plenty of open-source or free tools that you can use to illustrate the problem. Git-Secrets, Truffle Hog. These aren't great for a long-term commercial solution, something like GitGuardian is a better commercial tool but if the goal is just to illustrate the problem then finding some high-value secrets with free tools is a good way to convince the security personnel to invest in some solutions. Then the door is open to having more conversations as you have already proven the risk.
- Toyota Accidently Exposed a Secret Key Publicly on GitHub for Five Years
-
Thinking Like a Hacker: Abusing Stolen Private Keys
First up is the leaked TLS private key. Poor Corp added their wildcard certificate to their GitLab image, but they didn’t consider that anyone could steal the private key from the Docker image once published on Docker Hub. Rather than adding sensitive files and hardcoded environment variables to their containers while they were being built, Poor Corp should have used runtime environment variables and mounted volumes to pass secrets into the container—by the way, ggshield, the secrets detection CLI from GitGuardian, has a command for scanning Docker images. If you find that you’ve also made this mistake, you need to immediately revoke any certificates or credentials that were exposed.
-
How to make security policies a team effort
GitGuardian’s CLI, ggshield, can be installed as a pre-commit hook on a developer’s workstation to act like a security seatbelt preventing any secret from being committed locally in the first place. If a developer chooses to bypass the guardrail and push a secret anyway, the event is reported in the GitGuardian dashboard. This allows security teams to have eyes on any possible policy issues as developers build—all without holding up their progress. These tools can detect risks, watch for vulnerabilities, and notify the right people in a non-intrusive way.
-
Life is Too Short to Review Spaces
ggshield is one of the tools we develop at GitGuardian to help secure the codebase. Integrated as a hook it will scan the content of the git patch to make sure it does not contains any secret like an API token.
What are some alternatives?
pre-commit-hooks - Some out-of-the-box hooks for pre-commit
Mobile-Security-Framework-MobSF - Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
whispers - Identify hardcoded secrets in static structured text
grammarly-api - 📚 Unofficial TypeScript client for the Grammarly API
gitleaks - Protect and discover secrets using Gitleaks 🔑
typos - Source code spell checker
buildnotify - A system tray based build status notification app for cctray.xml feeds.
black - The uncompromising Python code formatter [Moved to: https://github.com/psf/black]
ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
bandit - Bandit is a tool designed to find common security issues in Python code.
faraday_plugins - Security tools report parsers for Faradaysec.com