devsecops-git-guardian - npm Package Compare versions

Comparing version 1.2.0 to 1.3.0
+44
-4
CHANGELOG.md
# Change Log
All notable changes to the "git-guardian" extension will be documented in this file.
All notable changes to "DevSecOps Git Guardian" will be documented in this file.
Check [Keep a Changelog](http://keepachangelog.com/) for recommendations on how to structure this file.
## [1.3.0] - 2026-02-11
## [Unreleased]
### Changed
- **Enhanced documentation** - Professional README for npm and VS Code Marketplace
- **Improved package description** - Clearer value proposition
- **Updated badges** - Added npm version and download counts
- Initial release
### Documentation
- Reorganized installation instructions for better clarity
- Added inline diagnostics usage examples
- Enhanced VS Code extension features documentation
- Improved CI/CD integration examples
## [1.2.0] - 2026-02-10
### Fixed
- **GitHub Actions false positive** - Exclude `${{secrets.GITHUB_TOKEN}}` and CI/CD variables from secret detection
- **GitLab CI variables** - Skip `${}` variable syntax in YAML scanner
### Added
- Support for CI/CD variable exclusion patterns
## [1.1.0] - 2026-02-09
### Added
- **Inline diagnostics** - Real-time security warnings with red squiggly lines
- **Line-level ignore** - `@devsecops-ignore` comment support
- **File-level ignore** - `@devsecops-ignore-file` at top of files
- **Severity-based colors** - Visual distinction for CRITICAL, HIGH, MEDIUM, LOW issues
### Changed
- Enhanced VS Code extension UX with live scanning
- Debounced file change detection for better performance
## [1.0.0] - 2026-02-08
### Added
- Initial release
- Multi-scanner security engine (Secrets, Docker, Config)
- Git hook integration
- CLI tool with multiple output formats
- VS Code extension with webview
- Docker container support
- HTML/JSON/CSV reporting
- 50+ security patterns detection
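
Review bot: The 1.2.0 "Fixed" entries ("Exclude `${{secrets.GITHUB_TOKEN}}` and CI/CD variables from secret detection", "Skip `${}` variable syntax in YAML scanner") do not say how far the exclusion reaches. If the scanner drops a whole line or value as soon as it sees `${`, a hardcoded credential sitting next to an interpolation would go unreported. Please state whether only the variable reference itself is exempt, and list the exclusion patterns so users can audit them.
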
+2
-2
{
"name": "devsecops-git-guardian",
"displayName": "DevSecOps Git Guardian",
"description": "πŸ›‘οΈ Autonomous security enforcement for Git workflows - Blocks insecure pushes",
"version": "1.2.0",
"description": "πŸ›‘οΈ Block secrets, misconfigurations, and vulnerabilities before they reach your repository. Real-time security scanning with inline diagnostics.",
"version": "1.3.0",
"publisher": "vijay-devsecops",

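Review bot: The new `description` promises to block "secrets, misconfigurations, and vulnerabilities", but the changelog shipped in this same release lists the scanners as Secrets, Docker and Config only. Either name what "vulnerabilities" covers or narrow the wording, since users decide how much to rely on a gate from this sentence. The `version` change from 1.2.0 to 1.3.0 is also a minor bump for what the changelog describes as documentation changes; a patch release would match the stated scope.
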
@@ -7,0 +7,0 @@ "icon": "images/icon.png",

+78
-87

@@ -5,3 +5,5 @@ # πŸ›‘οΈ DevSecOps Git Guardian

![License](https://img.shields.io/badge/license-MIT-blue.svg)
[![npm version](https://img.shields.io/npm/v/devsecops-git-guardian.svg)](https://www.npmjs.com/package/devsecops-git-guardian)
[![Downloads](https://img.shields.io/npm/dt/devsecops-git-guardian.svg)](https://www.npmjs.com/package/devsecops-git-guardian)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](#-license)
![Node](https://img.shields.io/badge/node-%3E%3D18.0.0-brightgreen)

@@ -11,3 +13,3 @@ ![TypeScript](https://img.shields.io/badge/TypeScript-5.3-blue)

A capstone-level security tool that **blocks insecure code** before it reaches your repository. Available as a **VS Code Extension**, **npm Package**, and **Docker Image** for universal CI/CD integration.
**Block insecure code before it reaches your repository.** A comprehensive security scanning tool that prevents secrets, misconfigurations, and vulnerabilities from entering your codebase. Available as a **VS Code Extension**, **npm Package**, and **Docker Image** for seamless integration into any development workflow.

@@ -41,21 +43,17 @@ ---

## πŸš€ Three Ways to Use
## πŸš€ Installation
### 1️⃣ npm Package (Quick Start)
### Method 1: npm Package (Recommended)
```bash
# Zero installation - run instantly
npx devsecops-scan
# Install globally
npm install -g devsecops-git-guardian
# Or install globally
npm install -g devsecops-git-guardian
devsecops-scan /path/to/repo
# Or use without installation
npx devsecops-git-guardian
```
**Perfect for:** Node.js developers, quick scans, GitHub Actions
### Method 2: Docker Container
### 2️⃣ Docker Image (Universal CI/CD)
```bash
# Pull and run
docker pull vijaydevsecops/git-guardian:latest
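
Review bot: Every install path in this block is unpinned: `npm install -g devsecops-git-guardian`, `npx devsecops-git-guardian` and `docker pull vijaydevsecops/git-guardian:latest` all fetch whatever is newest at run time. For a tool meant to sit in hooks and CI as a blocking gate, show the pinned forms as the default, for example `npx devsecops-git-guardian@1.3.0` and an image reference by version tag or digest, so a pipeline does not silently start executing a new release. The block also contains both `npx devsecops-scan` and `npx devsecops-git-guardian`; when the command is not already installed, `npx <name>` fetches the package of that name, and only the second form names this package, so make sure no `npx devsecops-scan` line survives in the published README.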

@@ -65,32 +63,46 @@ docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest

**Perfect for:** GitLab, Jenkins, Azure Pipelines, any CI/CD platform
### Method 3: VS Code Extension
### 3️⃣ VS Code Extension
1. Open VS Code
2. Go to Extensions (`Ctrl+Shift+X`)
3. Search for **"DevSecOps Git Guardian"**
4. Click **Install**
Install from VS Code Marketplace: **DevSecOps Git Guardian**
Or install from [VS Code Marketplace](https://marketplace.visualstudio.com/)
**Perfect for:** Developers using VS Code, real-time scanning
---
## πŸ“– Quick Start
## 🎯 Quick Start
### Option A: npm Package
### CLI Usage
```bash
# Scan current directory
npx devsecops-scan
devsecops-scan
# Only critical issues
npx devsecops-scan --severity CRITICAL
# Scan specific path
devsecops-scan /path/to/your/project
# Only show critical issues
devsecops-scan --severity CRITICAL
# Generate HTML report
npx devsecops-scan --format html --output security-report.html
devsecops-scan --format html --output security-report.html
# Auto-fix .gitignore
npx devsecops-scan --fix
# Auto-fix .gitignore security issues
devsecops-scan --fix
```
### Option B: Docker
### VS Code Extension
1. Open your project in VS Code
2. The extension automatically scans files as you edit
3. View security issues inline with **red squiggly lines**
4. Open Command Palette (`Ctrl+Shift+P`) β†’ `DevSecOps: Scan Repository`
5. Ignore specific issues with `// @devsecops-ignore` or `@devsecops-ignore-file`
### Docker Usage
```bash
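
Review bot: Step 5 of the VS Code list documents `// @devsecops-ignore` and `@devsecops-ignore-file` without saying who sees a suppression afterwards. Anyone who can commit can silence a finding with a comment, so the README should state whether the CLI and Git hook honour these markers as well, and whether suppressed findings still appear in the HTML/JSON/CSV reports for review. In the same hunk, the "Or install from [VS Code Marketplace](https://marketplace.visualstudio.com/)" link goes to the marketplace front page; link the exact listing for publisher `vijay-devsecops` so users do not pick a similarly named extension from search.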

@@ -100,13 +112,7 @@ # Basic scan

# With options
# With custom options
docker run -v $(pwd):/workspace vijaydevsecops/git-guardian:latest \
--severity MEDIUM --format json
--severity MEDIUM --format json --output /workspace/report.json
```
### Option C: VS Code Extension
1. Install extension from marketplace
2. Open Command Palette (`Ctrl+Shift+P`)
3. Run: `DevSecOps: Scan Repository`
---
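
Review bot: The Docker example now ends with `--output /workspace/report.json`, and `/workspace` is the bind-mounted repository (`-v $(pwd):/workspace`), so the findings report is written into the working tree. If the report includes matched values or file paths, it should not be committed; suggest a line telling users to add it to `.gitignore` or to mount a separate output directory. Quoting the mount as `-v "$(pwd)":/workspace` would also keep the command working when the path contains spaces.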

@@ -258,22 +264,11 @@

---
## πŸŽ“ Why This is Capstone-Level
βœ… **Three Distribution Methods**: VS Code Extension + npm Package + Docker Image
βœ… **Universal CI/CD**: Works with GitHub, GitLab, Jenkins, Azure, CircleCI
βœ… **Multiple Audiences**: Developers, DevOps Engineers, Security Teams
βœ… **Production Ready**: Used in real enterprise pipelines
βœ… **Vendor Agnostic**: Not locked to any single platform
βœ… **Enterprise Features**: Policy engine, audit trails, auto-remediation
**Use Case**: A tech startup uses the npm package for local dev, Docker image in GitLab CI, and VS Code extension for real-time feedback. **One tool, three deployment methods!**
---
## πŸ“š Documentation
- **Deployment Guide** - All three installation methods + CI/CD integration
- **Project Structure** - Detailed architecture and code walkthrough
- **Changelog** - Version history and updates
For detailed information, see:
- [Installation Guide](#-installation) - Complete installation instructions
- [CI/CD Integration](#-cicd-integration) - GitHub Actions, GitLab CI, Jenkins examples
- [Configuration Options](#-configuration) - Full CLI and VS Code settings reference
- [Security Patterns](#-what-it-detects) - Complete list of 50+ detection patterns

@@ -285,2 +280,6 @@ ---

```bash
# Clone repository
git clone https://github.com/vijay-devsecops/git-guardian.git
cd git-guardian
# Install dependencies

@@ -298,7 +297,4 @@ npm install

# Test Docker locally
docker-compose up scanner
# Run in VS Code debug mode
# Press F5 to open Extension Development Host
# Test locally
npm test
```

@@ -308,33 +304,17 @@

## πŸš€ Publishing
## 🀝 Contributing
### npm Package
```bash
npm login
npm publish
```
Contributions are welcome! Please follow these steps:
### Docker Hub
```bash
docker login
docker push vijaydevsecops/git-guardian:latest
```
### VS Code Marketplace
```bash
npm install -g @vscode/vsce
vsce package
vsce publish
```
---
## 🀝 Contributing
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing`)
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
Please ensure your code:
- Follows the existing code style
- Includes appropriate tests
- Updates documentation as needed
---

@@ -344,20 +324,31 @@

MIT License - See LICENSE.txt file for details
MIT License - Free to use for personal and commercial projects.
---
## πŸ†˜ Support
## πŸ†˜ Support & Community
- **GitHub Issues**: [Report bugs or request features](https://github.com/vijay-devsecops/git-guardian/issues)
- **Issues**: [GitHub Issues](https://github.com/vijay-devsecops/git-guardian/issues) - Report bugs or request features
- **Discussions**: [GitHub Discussions](https://github.com/vijay-devsecops/git-guardian/discussions) - Ask questions and share ideas
- **Email**: vijaypalsinghrathore575@gmail.com
- **Documentation**: [Full docs](https://github.com/vijay-devsecops/git-guardian#readme)
- **npm**: [npm package](https://www.npmjs.com/package/devsecops-git-guardian)
---
## 🌟 Star History
## ⭐ Show Your Support
If this tool helped secure your codebase, give us a ⭐ on GitHub!
If DevSecOps Git Guardian helped secure your codebase, please consider:
- ⭐ Starring the repository on GitHub
- πŸ“¦ Sharing it with your team
- πŸ› Reporting bugs to help improve the tool
- πŸ’‘ Suggesting new features
---
**Built with ❀️ for DevSecOps Engineers**
## πŸ”’ Security
This tool is designed to find security vulnerabilities, but no tool is perfect. If you discover a security issue in DevSecOps Git Guardian itself, please email vijaypalsinghrathore575@gmail.com directly rather than opening a public issue.
---
**Built with dedication for the DevSecOps community** πŸ›‘οΈ
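
Review bot: The new Security section routes vulnerability reports to a personal Gmail address over plain email, and the same address is listed publicly under Support. Consider a SECURITY.md with GitHub private vulnerability reporting enabled, or at least a dedicated address, so reports are not tied to one mailbox. Also, the License line replaces "See LICENSE.txt file for details" with "Free to use for personal and commercial projects"; keep the pointer to the license file, since the summary is not the license text.
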
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

Sorry, the diff of this file is not supported yet
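
Review bot: The entry above that the viewer could not diff is labelled with an `npm_` prefix followed by 36 alphanumeric characters, which is the shape of an npm access token, and it shows up in a comparison of two published tarballs. If that string is or was a real token, treat it as exposed: revoke it in the npm account, review the package's publish history for releases the maintainer did not make, and publish a version without the file. A `files` allowlist in package.json (or an `.npmignore`) would keep stray working-directory files out of future tarballs, and it is worth confirming that the tool's own secret scanner flags this pattern when run on its package directory before `npm publish`.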