Python Wrapper for GitGuardian's API -- Scan security policy breaks everywhere
API client library for the GitGuardian API.
The GitGuardian API puts at your fingertips the power to detect more than 200 types of secrets in any text content, as well as other potential security vulnerabilities.
py-gitguardian can be used to create integrations to scan various data sources, from your workstation's filesystem to your favorite chat application.
You can check API details here with all the response codes and expected structures on each method.
Python 3.8+
py-gitguardian
You can obtain API keys for API usage on your dashboard.
pip
pip3 install --upgrade pygitguardian
pipenv
pipenv install pygitguardian
pdm
pdm add pygitguardian
poetry
poetry add pygitguardian
Check examples/ for full examples on how to use py-gitguardian.
```python
import os
import sys
import traceback

from pygitguardian import GGClient

# please don't hardcode your gg_api_key in source code :)
API_KEY = os.getenv("GITGUARDIAN_API_KEY")
DOCUMENT = """
    import urllib.request
    url = 'http://jen_barber:correcthorsebatterystaple@cake.gitguardian.com/isreal.json'
    response = urllib.request.urlopen(url)
    consume(response.read())"
"""

client = GGClient(api_key=API_KEY)

# Check the health of the API and the API key used.
if client.health_check().success:
    try:
        scan_result = client.content_scan(DOCUMENT)
    except Exception as exc:
        # Handle exceptions such as schema validation
        traceback.print_exc(2, file=sys.stderr)
        print(str(exc))
    else:
        # Print the result only when the scan call did not raise
        print(scan_result)
else:
    print("Invalid API Key")
```
```python
import glob
import os
import pathlib

from pygitguardian import GGClient

API_KEY = os.getenv("GITGUARDIAN_API_KEY")
client = GGClient(api_key=API_KEY)

# Create a list of dictionaries for scanning
file_paths = (pathlib.Path(name) for name in glob.iglob("**/*", recursive=True))
to_scan = [
    {"filename": path.name, "document": path.read_text(errors="replace")}
    for path in file_paths
    if path.is_file()  # "**/*" also matches directories, which cannot be read
]
scan = client.multi_content_scan(to_scan)
```
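A more defensive version of the directory scan above, as an added example that is not part of the py-gitguardian README: it skips symlinks, `.git`, binary and oversized files, and submits documents in batches. `collect_documents` and `scan_tree` are hypothetical helper names, the two limits are assumed values, and `scan_results`, `has_policy_breaks` and `policy_break_count` are the result attributes the code relies on.

```python
import os
import pathlib
from typing import Callable, Dict, Iterator, List

# Assumed limits (not stated on this page); confirm them in the API docs.
MAX_DOCS_PER_CALL = 20
MAX_DOC_BYTES = 1024 * 1024


def collect_documents(root: str, max_bytes: int = MAX_DOC_BYTES) -> Iterator[Dict[str, str]]:
    """Yield {"filename", "document"} dicts for regular text files under root."""
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinked dirs
        dirnames[:] = sorted(d for d in dirnames if d != ".git")  # skip VCS internals
        for name in sorted(filenames):
            path = pathlib.Path(dirpath, name)
            if path.is_symlink() or not path.is_file():
                continue  # links may point outside root; also skips FIFOs and sockets
            if path.stat().st_size > max_bytes:
                continue  # too large to send as a single document
            data = path.read_bytes()
            if b"\x00" in data:
                continue  # a NUL byte suggests a binary file
            yield {
                "filename": path.relative_to(root).as_posix(),
                "document": data.decode("utf-8", errors="replace"),
            }


def scan_tree(root: str, scan_batch: Callable[[List[Dict[str, str]]], object],
              batch_size: int = MAX_DOCS_PER_CALL) -> Dict[str, int]:
    """Scan root in batches; return {filename: policy_break_count} for files with breaks."""
    docs = list(collect_documents(root))
    findings: Dict[str, int] = {}
    for start in range(0, len(docs), batch_size):
        batch = docs[start:start + batch_size]
        results = getattr(scan_batch(batch), "scan_results", None)
        if results is None:  # an error response carries no scan_results
            raise RuntimeError(f"scan failed for batch starting at {batch[0]['filename']}")
        for doc, result in zip(batch, results):  # assumes results keep submission order
            if result.has_policy_breaks:
                findings[doc["filename"]] = result.policy_break_count
    return findings


if __name__ == "__main__":
    from pygitguardian import GGClient  # imported here so the helpers load without it

    client = GGClient(api_key=os.environ["GITGUARDIAN_API_KEY"])
    for name, count in scan_tree(".", client.multi_content_scan).items():
        print(f"{name}: {count} policy break(s)")
```

Reporting the path relative to the scan root, rather than `path.name`, keeps same-named files in different directories distinguishable in the findings.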
Any model in py-gitguardian can be turned to a JSON string or a dictionary using the to_dict and to_json methods.

```python
from pygitguardian.models import Detail

detail = Detail("Invalid API Key.")
print(detail.to_dict())
print(detail.to_json())
```
Py-gitguardian depends on these excellent libraries:
- requests - HTTP client
- marshmallow - Request (de)serialization and input validation
We found that pygitguardian demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.