# 🛡️ DevSecOps Git Guardian

Autonomous Security Enforcement for Git Workflows & CI/CD Pipelines

Block insecure code before it reaches your repository. A comprehensive security scanning tool that prevents secrets, misconfigurations, and vulnerabilities from entering your codebase. Available as a VS Code Extension, npm Package, and Docker Image for seamless integration into any development workflow.
## ✨ Features

### 🔍 Multi-Scanner Security Engine
- Secret Scanner: Detects 50+ patterns (AWS keys, API tokens, database credentials, SSH keys)
- Docker Scanner: Finds security issues in Dockerfiles (root user, exposed ports, hardcoded secrets)
- Config Scanner: Scans YAML/JSON for misconfigurations (debug mode, insecure settings)

### 🛡️ Autonomous Enforcement
- Git Hook Integration: Blocks `git push` when violations are found
- CI/CD Pipeline Integration: Fails builds on security issues
- Policy Engine: Configurable severity thresholds (CRITICAL, HIGH, MEDIUM, LOW)

### 📊 Comprehensive Reporting
- HTML reports with a visual dashboard
- JSON/CSV exports for automation
- Real-time VS Code webview
- CI/CD artifact generation

### 🔧 Auto-Remediation
- Automatically secures `.gitignore` files
- Prevents accidental secret commits
- Suggests fixes for violations
## 🚀 Installation

Choose what you need:

### Method 1: npm Package - CLI + Git Hooks

```bash
# Install globally
npm install -g devsecops-git-guardian

# Or use without installation
npx devsecops-git-guardian
```

What you get:
- ✅ CLI scanner with full reports
- ✅ Git hooks (blocks insecure commits/pushes)
- ✅ CI/CD integration
- ✅ Works in any terminal/editor

Auto-setup:
- Git hooks install automatically if a `.git` folder exists
- No VS Code required!
### Method 2: VS Code Extension - Inline Diagnostics

- Open VS Code
- Go to Extensions (`Ctrl+Shift+X`)
- Search for "DevSecOps Git Guardian"
- Click Install

Or install from the VS Code Marketplace.

What you get:
- ✅ Real-time inline warnings (red squiggly lines)
- ✅ Hover to see security details
- ✅ Auto-scan as you type
- ✅ Quick fix suggestions

Note: The extension works standalone OR together with the npm package for git hooks.
### Method 3: Docker Container - Universal CI/CD

```bash
docker pull vijaydevsecops/git-guardian:latest
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest
```

What you get:
- ✅ Platform-independent scanning
- ✅ Perfect for Jenkins, GitLab CI, Azure Pipelines
- ✅ No Node.js required
### 💡 Which Method Should I Use?

| Use Case | Recommended Method |
|----------|--------------------|
| Node.js developer | npm package (CLI + hooks) |
| VS Code user | Extension only (or both!) |
| Want git protection | npm package (for hooks) |
| Want inline warnings | VS Code extension |
| CI/CD pipeline | npm package OR Docker |
| Full experience | npm package + VS Code extension |

🎯 Smart Auto-Setup (npm package only):
- Automatically installs git hooks if `.git` exists
- Shows VS Code extension instructions if VS Code is detected (optional)
- No forced installations - you choose what you want!
## 🎯 Quick Start

### CLI Usage

```bash
# Scan current directory
devsecops-scan

# Scan specific path
devsecops-scan /path/to/your/project

# Only show critical issues
devsecops-scan --severity CRITICAL

# Generate HTML report
devsecops-scan --format html --output security-report.html

# Auto-fix .gitignore security issues
devsecops-scan --fix
```

### VS Code Extension

- Open your project in VS Code
- The extension automatically scans files as you edit
- View security issues inline with red squiggly lines
- Open the Command Palette (`Ctrl+Shift+P`) → DevSecOps: Scan Repository
- Ignore specific issues with `// @devsecops-ignore` or `@devsecops-ignore-file`

### Docker Usage

```bash
# Basic scan
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

# With custom options
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest \
  --severity MEDIUM --format json --output /workspace/report.json
```
## 🔄 CI/CD Integration

### GitHub Actions

```yaml
name: Security Scan
on: [push, pull_request]
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Security Scan
        run: npx devsecops-scan --severity MEDIUM
```

### GitLab CI

```yaml
security-scan:
  image: vijaydevsecops/git-guardian:latest
  script:
    - scan $CI_PROJECT_DIR --severity MEDIUM
```

### Jenkins

```groovy
pipeline {
  agent {
    docker { image 'vijaydevsecops/git-guardian:latest' }
  }
  stages {
    stage('Security') {
      steps {
        sh 'scan . --severity MEDIUM'
      }
    }
  }
}
```
## 📊 What It Detects

### 🔑 Secrets & Credentials (50+ patterns)
- AWS Access Keys & Secret Keys
- GitHub/GitLab Personal Access Tokens
- API Keys (Stripe, Google Cloud, Twilio, SendGrid, etc.)
- Database Connection Strings
- SSH Private Keys & PEM files
- JWT Tokens & OAuth credentials
- Hardcoded passwords
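As an added example (not the project's own code, and not its actual rule set), here is a line-oriented secret scanner of the kind the Secret Scanner section describes, written in JavaScript because the tool ships as an npm package. It honours the `// @devsecops-ignore` and `@devsecops-ignore-file` markers from the VS Code quick start, and it masks every match so the report itself never becomes a secret store. The rule ids, severities, the five regexes (a small subset standing in for the 50+ patterns) and the `scanText`/`mask` helpers are assumptions for illustration; the sample input is constructed and uses the AWS documentation example key rather than a real credential.

```javascript
// Added example, not the project's own code. A small subset of token shapes
// standing in for the tool's 50+ patterns; ids and severities are assumptions.
const SECRET_PATTERNS = [
  { id: 'aws-access-key-id',    severity: 'CRITICAL', regex: /\bAKIA[0-9A-Z]{16}\b/ },
  { id: 'github-pat',           severity: 'CRITICAL', regex: /\bghp_[A-Za-z0-9]{36}\b/ },
  { id: 'private-key',          severity: 'CRITICAL', regex: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  { id: 'db-connection-string', severity: 'HIGH',     regex: /\b(?:postgres(?:ql)?|mysql|mongodb):\/\/[^:\s/]+:[^@\s]+@/ },
  { id: 'hardcoded-password',   severity: 'HIGH',     regex: /\bpassword\s*[:=]\s*['"][^'"]{4,}['"]/i },
];

// Inline suppression markers as described in the VS Code quick start:
// a line marker silences that line, a file marker silences the whole file.
const IGNORE_LINE = /@devsecops-ignore\b(?!-file)/;
const IGNORE_FILE = /@devsecops-ignore-file\b/;

// Keep only a short hint of a match so the report never stores the secret itself.
function mask(s) {
  return s.length <= 8 ? '****' : `${s.slice(0, 4)}****${s.slice(-2)}`;
}

// Scan one file's text; returns findings in line order, one per (line, rule).
function scanText(filePath, text) {
  const findings = [];
  const lines = text.split(/\r?\n/);
  if (lines.some((l) => IGNORE_FILE.test(l))) return findings;
  lines.forEach((line, idx) => {
    if (IGNORE_LINE.test(line)) return;
    for (const p of SECRET_PATTERNS) {
      const m = p.regex.exec(line);
      if (m) {
        findings.push({ file: filePath, line: idx + 1, rule: p.id, severity: p.severity, match: mask(m[0]) });
      }
    }
  });
  return findings;
}

// Constructed sample input (no real credentials): the AWS key is the
// documentation example key, the other values are made up for this example.
const SAMPLE_SOURCE = [
  'const region = "us-east-1";',
  'const accessKeyId = "AKIAIOSFODNN7EXAMPLE";',
  'const token = "ghp_" + process.env.GH_TOKEN; // @devsecops-ignore',
  'DATABASE_URL=postgres://app:s3cretpass@db.internal:5432/app',
  'password = "hunter2"',
].join('\n');

for (const f of scanText('src/config.js', SAMPLE_SOURCE)) {
  console.log(`${f.severity.padEnd(8)} ${f.file}:${f.line} ${f.rule} (${f.match})`);
}
```

Running the sample reports three findings (lines 2, 4 and 5); line 3 is suppressed by its inline marker. Anchoring patterns with `\b` and requiring a quoted value of at least four characters for the password rule keeps noise down; a real scanner adds entropy checks and a much larger pattern set.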
### 🐳 Docker Security Issues
- Running as root user
- Missing USER directive
- Exposed sensitive ports (SSH, MySQL, PostgreSQL, MongoDB, Redis)
- Using the `latest` tag instead of pinned versions
- Missing HEALTHCHECK
- Hardcoded secrets in RUN commands
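As an added example (not the project's own code), the following JavaScript implements checks for each issue class in the list above over a minimally parsed Dockerfile, and shows an insecure Dockerfile next to a hardened one that passes clean. The rule ids, severities, the sensitive-port table, the `parseDockerfile`/`scanDockerfile` helpers and the credential regex are assumptions for illustration; both Dockerfiles are constructed samples.

```javascript
// Added example, not the project's own code: Dockerfile checks for the issue
// classes listed above. Rule ids, severities and the port table are assumptions.
const SENSITIVE_PORTS = { 22: 'SSH', 3306: 'MySQL', 5432: 'PostgreSQL', 27017: 'MongoDB', 6379: 'Redis' };
// A literal value after password=/secret=/token=/api_key=; "$VAR" references are not literals.
const SECRET_ASSIGNMENT = /(?:password|passwd|secret|token|api[_-]?key)\s*=\s*['"]?(?!\$)[^\s'"]+/i;

// Minimal Dockerfile reader: joins backslash continuations, skips comments and
// blank lines, and records the line where each instruction starts.
function parseDockerfile(text) {
  const instructions = [];
  let buffer = '';
  let startLine = 0;
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (buffer === '') startLine = i + 1;
    if (line === '' || line.startsWith('#')) return;
    if (line.endsWith('\\')) { buffer += `${line.slice(0, -1)} `; return; }
    buffer += line;
    const m = /^(\S+)\s*(.*)$/.exec(buffer);
    if (m) instructions.push({ instruction: m[1].toUpperCase(), args: m[2].trim(), line: startLine });
    buffer = '';
  });
  return instructions;
}

function scanDockerfile(filePath, text) {
  const findings = [];
  const add = (line, rule, severity, message) => findings.push({ file: filePath, line, rule, severity, message });
  let hasUser = false;
  let hasHealthcheck = false;

  for (const { instruction, args, line } of parseDockerfile(text)) {
    switch (instruction) {
      case 'FROM': {
        // Skip flags such as --platform=...; a digest (@sha256:...) counts as pinned.
        const image = args.split(/\s+/).find((t) => !t.startsWith('--')) || '';
        if (image.toLowerCase() !== 'scratch' && !image.includes('@')) {
          const tail = image.slice(image.lastIndexOf('/') + 1);
          const tag = tail.includes(':') ? tail.split(':')[1] : 'latest';
          if (tag === 'latest') add(line, 'unpinned-image', 'MEDIUM', `base image ${image} uses a floating tag`);
        }
        break;
      }
      case 'USER': {
        hasUser = true;
        const user = args.split(':')[0];
        if (user === 'root' || user === '0') add(line, 'user-root', 'HIGH', 'container explicitly runs as root');
        break;
      }
      case 'EXPOSE':
        for (const spec of args.split(/\s+/)) {
          const port = parseInt(spec, 10); // tolerates "22/tcp"
          if (SENSITIVE_PORTS[port]) add(line, 'sensitive-port', 'MEDIUM', `exposes ${SENSITIVE_PORTS[port]} port ${port}`);
        }
        break;
      case 'HEALTHCHECK':
        hasHealthcheck = true;
        break;
      case 'RUN':
      case 'ENV':
        if (SECRET_ASSIGNMENT.test(args)) add(line, 'hardcoded-secret', 'CRITICAL', `${instruction} assigns a literal credential`);
        break;
      default:
        break;
    }
  }
  // Whole-file checks (per file, not per build stage, to keep the example short).
  if (!hasUser) add(0, 'missing-user', 'HIGH', 'no USER directive; the image runs as root by default');
  if (!hasHealthcheck) add(0, 'missing-healthcheck', 'LOW', 'no HEALTHCHECK directive');
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed samples: an insecure Dockerfile and its hardened counterpart.
const INSECURE_DOCKERFILE = `
FROM node:latest
ENV DB_PASSWORD=hunter2
RUN npm install --production && \\
    echo "built"
EXPOSE 3000 22
CMD ["node", "server.js"]
`;
const HARDENED_DOCKERFILE = `
FROM node:20-alpine
RUN npm install --production
HEALTHCHECK CMD wget -qO- http://localhost:3000/health || exit 1
USER node
EXPOSE 3000
CMD ["node", "server.js"]
`;

for (const f of scanDockerfile('Dockerfile', INSECURE_DOCKERFILE)) {
  console.log(`${f.severity.padEnd(8)} Dockerfile:${f.line} ${f.rule}: ${f.message}`);
}
```

The insecure sample yields five findings (unpinned base image, literal credential in `ENV`, exposed SSH port, missing `USER`, missing `HEALTHCHECK`); the hardened one yields none. Whole-file findings use line 0, since there is no single line to point at.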
### ⚙️ Configuration Misconfigurations
- Hardcoded passwords in YAML/JSON
- Debug mode enabled in production
- SSL/HTTPS disabled
- Insecure default values
- API keys in config files
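As an added example (not the project's own code), here is a JavaScript scan of a parsed configuration object for the five misconfiguration classes above. It walks the object recursively, reports the key path rather than the value, and treats `${ENV_VAR}` references and obvious placeholders as non-findings so that correctly externalised secrets do not trip it. The key heuristics, rule ids and severities are assumptions; a YAML file would first go through a parser such as js-yaml, so the constructed sample here is plain JSON.

```javascript
// Added example, not the project's own code: a structural scan of a parsed
// configuration object for the misconfiguration classes listed above. Key
// heuristics, rule ids and severities are assumptions for illustration.
const CREDENTIAL_KEY = /(password|passwd|secret|api[_-]?key|token|private[_-]?key)/i;
// Values that reference the environment or are obvious placeholders are not findings.
const PLACEHOLDER_VALUE = /^(\$\{?[A-Z_][A-Z0-9_]*\}?|<[^>]+>|changeme|xxx+|\*+)$/i;
const TLS_KEY = /^(ssl|tls|https|verify[_-]?ssl|tls[_-]?verify|ssl[_-]?verify)$/;
const ORIGIN_KEY = /^(cors|allowed[_-]?origins?|origins?)$/;

function scanConfig(filePath, config) {
  const findings = [];
  const add = (path, rule, severity, message) => findings.push({ file: filePath, path, rule, severity, message });

  const walk = (node, prefix) => {
    if (node === null || typeof node !== 'object') return;
    for (const [key, value] of Object.entries(node)) {
      const path = prefix ? `${prefix}.${key}` : key;
      const k = key.toLowerCase();
      if (typeof value === 'string' && CREDENTIAL_KEY.test(key) && value !== '' && !PLACEHOLDER_VALUE.test(value)) {
        // Report the location only; never copy the value into the report.
        add(path, 'hardcoded-credential', 'CRITICAL', `literal credential (${value.length} chars) under "${key}"`);
      } else if (k === 'debug' && (value === true || value === 'true')) {
        add(path, 'debug-enabled', 'HIGH', 'debug mode enabled');
      } else if (TLS_KEY.test(k) && (value === false || value === 'false')) {
        add(path, 'tls-disabled', 'HIGH', `${key} is turned off`);
      } else if (ORIGIN_KEY.test(k) && value === '*') {
        add(path, 'insecure-default', 'MEDIUM', 'wildcard origin allows any site to call the API');
      }
      walk(value, path); // arrays and nested objects are traversed the same way
    }
  };
  walk(config, '');
  return findings;
}

// Constructed sample (no real credentials): what a config.json might look like.
const SAMPLE_CONFIG = {
  app: { name: 'billing', debug: true },
  database: { host: 'db.internal', user: 'app', password: 'hunter2' },
  cache: { url: 'redis://cache:6379', password: '${REDIS_PASSWORD}' },
  server: { https: false, cors: { allowed_origins: '*' } },
  stripe: { api_key: 'sk_test_0123456789abcdef' },
};

for (const f of scanConfig('config.json', SAMPLE_CONFIG)) {
  console.log(`${f.severity.padEnd(8)} ${f.file} ${f.path}: ${f.rule} - ${f.message}`);
}
```

The sample produces five findings (`app.debug`, `database.password`, `server.https`, `server.cors.allowed_origins`, `stripe.api_key`); `cache.password` is skipped because it is an environment reference. Reporting only the key path and value length is deliberate: a scan report is often uploaded as a CI artifact, and it should not reproduce the credential it found.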
## ⚙️ Configuration

### CLI Options

```text
OPTIONS:
  -p, --path <path>         Path to scan (default: current directory)
  -s, --severity <level>    Minimum severity (LOW|MEDIUM|HIGH|CRITICAL)
  -f, --format <format>     Output format (text|json|html|csv)
  -o, --output <file>       Save report to file
      --no-block            Don't exit with error code on violations
  -v, --verbose             Verbose output
      --fix                 Auto-fix .gitignore security issues
  -h, --help                Show help
      --version             Show version
```

### VS Code Settings

```json
{
  "devsecops.autoInstallHooks": true,
  "devsecops.blockOnViolation": true,
  "devsecops.severityThreshold": "medium",
  "devsecops.scanExclusions": [
    "node_modules/**",
    "dist/**",
    "build/**"
  ]
}
```
## 📈 Exit Codes

- `0` - No security violations found ✅
- `1` - Security violations found (blocks CI/CD) ❌
- `2` - Scan error occurred ⚠️
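As an added example (not the project's own code), this JavaScript ties together the Policy Engine's severity threshold from the Features section, the BLOCK/ALLOW decision a git hook or CI job acts on, and the exit-code contract just listed. The point a practitioner should take from it is the third exit code: a scanner that crashes is reported as a scan error (2), never as a clean pass (0), so a broken scanner cannot silently let a push through. The function names, the result shape and the `noBlock` option (standing in for `--no-block`) are assumptions; the findings are constructed.

```javascript
// Added example, not the project's own code: a policy engine that turns scanner
// findings into the BLOCK/ALLOW decision a git hook or CI job acts on, using
// the severity threshold and exit-code contract documented above. Function
// names and the `noBlock` option (standing in for --no-block) are assumptions.
const SEVERITY_RANK = { LOW: 0, MEDIUM: 1, HIGH: 2, CRITICAL: 3 };
const EXIT_CLEAN = 0;
const EXIT_VIOLATIONS = 1;
const EXIT_SCAN_ERROR = 2;

function rankOf(severity, what) {
  const s = String(severity).toUpperCase();
  if (!(s in SEVERITY_RANK)) throw new Error(`${what}: unknown severity "${severity}"`);
  return SEVERITY_RANK[s];
}

// Findings below the threshold are still counted so the report can show them;
// only those at or above it are violations. With noBlock the violations are
// still reported but the exit code stays 0 (report-only mode).
function evaluatePolicy(findings, { threshold = 'MEDIUM', noBlock = false } = {}) {
  const minimum = rankOf(threshold, 'threshold');
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0 };
  const violations = [];
  for (const f of findings) {
    const r = rankOf(f.severity, `finding ${f.rule}`);
    counts[String(f.severity).toUpperCase()] += 1;
    if (r >= minimum) violations.push(f);
  }
  const blocked = violations.length > 0 && !noBlock;
  return {
    decision: blocked ? 'BLOCK' : 'ALLOW',
    exitCode: blocked ? EXIT_VIOLATIONS : EXIT_CLEAN,
    threshold: String(threshold).toUpperCase(),
    violations,
    counts,
  };
}

// Run every scanner and apply the policy. A scanner that throws (or emits a
// finding with an unknown severity) is a scan error, exit 2, never a clean pass.
function runScan(scanners, options = {}) {
  try {
    const findings = scanners.flatMap((scan) => scan());
    return evaluatePolicy(findings, options);
  } catch (err) {
    return { decision: 'ERROR', exitCode: EXIT_SCAN_ERROR, error: err.message, violations: [], counts: null };
  }
}

function formatSummary(result) {
  if (result.decision === 'ERROR') return `ERROR: scan failed (${result.error}); exit ${result.exitCode}`;
  const c = result.counts;
  return `${result.decision}: ${result.violations.length} violation(s) at or above ${result.threshold} ` +
    `(CRITICAL ${c.CRITICAL}, HIGH ${c.HIGH}, MEDIUM ${c.MEDIUM}, LOW ${c.LOW}); exit ${result.exitCode}`;
}

// Constructed findings, as the secret/Docker/config scanners might produce them.
const SAMPLE_FINDINGS = [
  { file: 'src/config.js', line: 12, rule: 'hardcoded-password', severity: 'HIGH' },
  { file: 'Dockerfile', line: 1, rule: 'unpinned-image', severity: 'MEDIUM' },
  { file: 'Dockerfile', line: 0, rule: 'missing-healthcheck', severity: 'LOW' },
];

console.log(formatSummary(runScan([() => SAMPLE_FINDINGS], { threshold: 'MEDIUM' })));
console.log(formatSummary(runScan([() => SAMPLE_FINDINGS], { threshold: 'CRITICAL' })));
console.log(formatSummary(runScan([() => { throw new Error('Dockerfile parser crashed'); }])));
```

In a pre-push hook the caller ends with `process.exit(result.exitCode)`, and a CI step simply inherits that code; with the `MEDIUM` threshold the sample is blocked (two violations, exit 1), with `CRITICAL` it is allowed (exit 0), and the crashing scanner exits 2 so the pipeline fails rather than passing on a missing scan.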
## 🏗️ Architecture

```text
┌─────────────────────────────────────────┐
│            Security Scanner             │
│             (Orchestrator)              │
└────────────────────┬────────────────────┘
                     │
         ┌───────────┼───────────┐
         │           │           │
         ▼           ▼           ▼
    ┌─────────┐ ┌─────────┐ ┌─────────┐
    │ Secret  │ │ Docker  │ │ Config  │
    │ Scanner │ │ Scanner │ │ Scanner │
    └────┬────┘ └────┬────┘ └────┬────┘
         │           │           │
         └───────────┼───────────┘
                     ▼
             ┌────────────────┐
             │ Policy Engine  │
             │ (BLOCK/ALLOW)  │
             └───────┬────────┘
                     ▼
             ┌────────────────┐
             │     Report     │
             │   Generator    │
             └────────────────┘
```
## 📚 Documentation

For detailed information, see:
## 🛠️ Development

```bash
# Clone repository
git clone https://github.com/vijay-devsecops/git-guardian.git
cd git-guardian

# Install dependencies
npm install

# Build VS Code extension
npm run package

# Build CLI for npm
npm run build:cli

# Build everything
npm run build:all

# Test locally
npm test
```
## 🤝 Contributing

Contributions are welcome! Please follow these steps:

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request

Please ensure your code:
- Follows the existing code style
- Includes appropriate tests
- Updates documentation as needed
## 📝 License

MIT License - Free to use for personal and commercial projects.

## ⭐ Show Your Support

If DevSecOps Git Guardian helped secure your codebase, please consider:
- ⭐ Starring the repository on GitHub
- 📦 Sharing it with your team
- 🐛 Reporting bugs to help improve the tool
- 💡 Suggesting new features

## 🔒 Security

This tool is designed to find security vulnerabilities, but no tool is perfect. If you discover a security issue in DevSecOps Git Guardian itself, please email vijaypalsinghrathore575@gmail.com directly rather than opening a public issue.

Built with dedication for the DevSecOps community 🛡️