devsecops-git-guardian

🛡️ DevSecOps Git Guardian

Autonomous Security Enforcement for Git Workflows & CI/CD Pipelines

Block insecure code before it reaches your repository. A comprehensive security scanning tool that prevents secrets, misconfigurations, and vulnerabilities from entering your codebase. Available as a VS Code Extension, npm Package, and Docker Image for seamless integration into any development workflow.

✨ Features

🔍 Multi-Scanner Security Engine

• Secret Scanner: Detects 50+ patterns (AWS keys, API tokens, database credentials, SSH keys)
• Docker Scanner: Finds security issues in Dockerfiles (root user, exposed ports, hardcoded secrets)
• Config Scanner: Scans YAML/JSON for misconfigurations (debug mode, insecure settings)

🛡️ Autonomous Enforcement

• Git Hook Integration: Blocks git push when violations found
• CI/CD Pipeline Integration: Fails builds on security issues
• Policy Engine: Configurable severity thresholds (CRITICAL, HIGH, MEDIUM, LOW)

📊 Comprehensive Reporting

• HTML Reports with visual dashboard
• JSON/CSV exports for automation
• Real-time VS Code webview
• CI/CD artifact generation

🔧 Auto-Remediation

• Automatically secures .gitignore files
• Prevents accidental secret commits
• Suggests fixes for violations

🚀 Installation

Choose what you need:

Method 1: npm Package - CLI + Git Hooks

# Install globally
npm install -g devsecops-git-guardian

# Or use without installation
npx devsecops-git-guardian

What you get:

• ✅ CLI scanner with full reports
• ✅ Git hooks (blocks insecure commits/pushes)
• ✅ CI/CD integration
• ✅ Works in any terminal/editor

Auto-setup:

• Git hooks install automatically if .git folder exists
• No VS Code required!

Method 2: VS Code Extension - Inline Diagnostics

• Open VS Code
• Go to Extensions (Ctrl+Shift+X)
• Search for "DevSecOps Git Guardian"
• Click Install

Or install from VS Code Marketplace

What you get:

• ✅ Real-time inline warnings (red squiggly lines)
• ✅ Hover to see security details
• ✅ Auto-scan as you type
• ✅ Quick fix suggestions

Note: Extension works standalone OR with npm package for git hooks

Method 3: Docker Container - Universal CI/CD

docker pull vijaydevsecops/git-guardian:latest
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

What you get:

• ✅ Platform-independent scanning
• ✅ Perfect for Jenkins, GitLab CI, Azure Pipelines
• ✅ No Node.js required

💡 Which Method Should I Use?

Use Case	Recommended Method
Node.js developer	npm package (CLI + hooks)
VS Code user	Extension only (or both!)
Want git protection	npm package (for hooks)
Want inline warnings	VS Code extension
CI/CD pipeline	npm package OR Docker
Full experience	npm package + VS Code extension

🎯 Smart Auto-Setup (npm package only):

• Automatically installs git hooks if .git exists
• Shows VS Code extension instructions if VS Code detected (optional)
• No forced installations - you choose what you want!

🎯 Quick Start

CLI Usage

# Scan current directory
devsecops-scan

# Only critical issues

# Scan specific path
devsecops-scan /path/to/your/project

# Only show critical issues
devsecops-scan --severity CRITICAL

# Generate HTML report
devsecops-scan --format html --output security-report.html

# Auto-fix .gitignore security issues
devsecops-scan --fix

VS Code Extension

• Open your project in VS Code
• The extension automatically scans files as you edit
• View security issues inline with red squiggly lines
• Open Command Palette (Ctrl+Shift+P) → DevSecOps: Scan Repository
• Ignore specific issues with // @devsecops-ignore or @devsecops-ignore-file

Docker Usage

# Basic scan
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

# With custom options
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest \
  --severity MEDIUM --format json --output /workspace/report.json

🔄 CI/CD Integration

GitHub Actions

name: Security Scan
on: [push, pull_request]

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Security Scan
        run: npx devsecops-scan --severity MEDIUM

GitLab CI

security-scan:
  image: vijaydevsecops/git-guardian:latest
  script:
    - scan $CI_PROJECT_DIR --severity MEDIUM

Jenkins

pipeline {
  agent {
    docker { image 'vijaydevsecops/git-guardian:latest' }
  }
  stages {
    stage('Security') {
      steps {
        sh 'scan . --severity MEDIUM'
      }
    }
  }
}

📊 What It Detects

🔑 Secrets & Credentials (50+ patterns)

• AWS Access Keys & Secret Keys
• GitHub/GitLab Personal Access Tokens
• API Keys (Stripe, Google Cloud, Twilio, SendGrid, etc.)
• Database Connection Strings
• SSH Private Keys & PEM files
• JWT Tokens & OAuth credentials
• Hardcoded passwords

🐳 Docker Security Issues

• Running as root user
• Missing USER directive
• Exposed sensitive ports (SSH, MySQL, PostgreSQL, MongoDB, Redis)
• Using latest tag instead of pinned versions
• Missing HEALTHCHECK
• Hardcoded secrets in RUN commands

⚙️ Configuration Misconfigurations

• Hardcoded passwords in YAML/JSON
• Debug mode enabled in production
• SSL/HTTPS disabled
• Insecure default values
• API keys in config files

⚙️ Configuration

CLI Options

OPTIONS:
  -p, --path <path>          Path to scan (default: current directory)
  -s, --severity <level>     Minimum severity (LOW|MEDIUM|HIGH|CRITICAL)
  -f, --format <format>      Output format (text|json|html|csv)
  -o, --output <file>        Save report to file
  --no-block                 Don't exit with error code on violations
  -v, --verbose              Verbose output
  --fix                      Auto-fix .gitignore security issues
  -h, --help                 Show help
  --version                  Show version

VS Code Settings

{
  "devsecops.autoInstallHooks": true,
  "devsecops.blockOnViolation": true,
  "devsecops.severityThreshold": "medium",
  "devsecops.scanExclusions": [
    "node_modules/**",
    "dist/**",
    "build/**"
  ]
}

📈 Exit Codes

• 0 - No security violations found ✅
• 1 - Security violations found (blocks CI/CD) ❌
• 2 - Scan error occurred ⚠️

🏗️ Architecture

┌─────────────────────────────────────────┐
│         Security Scanner                │
│        (Orchestrator)                   │
└────────────┬────────────────────────────┘
             │
    ┌────────┼────────┐
    │        │        │
    ▼        ▼        ▼
┌────────┐ ┌────────┐ ┌────────┐
│Secret  │ │Docker  │ │Config  │
│Scanner │ │Scanner │ │Scanner │
└────┬───┘ └───┬────┘ └───┬────┘
     │         │          │
     └─────────┼──────────┘
               ▼
      ┌────────────────┐
      │ Policy Engine  │
      │ (BLOCK/ALLOW)  │
      └────────┬───────┘
               ▼
      ┌────────────────┐
      │ Report         │
      │ Generator      │
      └────────────────┘

📚 Documentation

For detailed information, see:

• Installation Guide - Complete installation instructions
• CI/CD Integration - GitHub Actions, GitLab CI, Jenkins examples
• Configuration Options - Full CLI and VS Code settings reference
• Security Patterns - Complete list of 50+ detection patterns

🛠️ Development

# Clone repository
git clone https://github.com/vijay-devsecops/git-guardian.git
cd git-guardian

# Install dependencies
npm install

# Build VS Code extension
npm run package

# Build CLI for npm
npm run build:cli

# Build everything
npm run build:all

# Test locally
npm test

🤝 Contributing

Contributions are welcome! Please follow these steps:

• Fork the repository
• Create a feature branch (git checkout -b feature/amazing-feature)
• Commit your changes (git commit -m 'Add amazing feature')
• Push to the branch (git push origin feature/amazing-feature)
• Open a Pull Request

Please ensure your code:

• Follows the existing code style
• Includes appropriate tests
• Updates documentation as needed

📝 License

MIT License - Free to use for personal and commercial projects.

🆘 Support & Community

• Issues: GitHub Issues - Report bugs or request features
• Discussions: GitHub Discussions - Ask questions and share ideas
• Email: vijaypalsinghrathore575@gmail.com
• npm: npm package

⭐ Show Your Support

If DevSecOps Git Guardian helped secure your codebase, please consider:

• ⭐ Starring the repository on GitHub
• 📦 Sharing it with your team
• 🐛 Reporting bugs to help improve the tool
• 💡 Suggesting new features

🔒 Security

This tool is designed to find security vulnerabilities, but no tool is perfect. If you discover a security issue in DevSecOps Git Guardian itself, please email vijaypalsinghrathore575@gmail.com directly rather than opening a public issue.

Built with dedication for the DevSecOps community 🛡️