{"id":51026623,"url":"https://github.com/gitstq/ai-secret-guard","last_synced_at":"2026-06-21T20:02:08.059Z","repository":{"id":362945620,"uuid":"1261394143","full_name":"gitstq/ai-secret-guard","owner":"gitstq","description":"🔒 AI-Powered Secret Detection \u0026 Risk Assessment Tool - Intelligent scanning for API keys, passwords, tokens in code repositories","archived":false,"fork":false,"pushed_at":"2026-06-06T16:19:42.000Z","size":31,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T18:10:55.076Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gitstq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-06T16:16:31.000Z","updated_at":"2026-06-06T16:19:25.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gitstq/ai-secret-guard","commit_stats":null,"previous_names":["gitstq/ai-secret-guard"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/gitstq/ai-secret-guard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitstq%2Fai-secret-guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitstq%2Fai-secret-guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitstq%2Fai-secret-guard/releases","manifests_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitstq%2Fai-secret-guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gitstq","download_url":"https://codeload.github.com/gitstq/ai-secret-guard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitstq%2Fai-secret-guard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34623906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-21T02:00:05.568Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-21T20:02:07.411Z","updated_at":"2026-06-21T20:02:08.053Z","avatar_url":"https://github.com/gitstq.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔒 AI Secret Guard\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Python-3.8%2B-blue?logo=python\" alt=\"Python 3.8+\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-green.svg\" alt=\"License: MIT\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Tests-26%20passing-brightgreen\" alt=\"Tests\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Platform-Cross--Platform-lightgrey\" alt=\"Platform\"\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cb\u003e🌐 \u003ca 
href=\"#简体中文\"\u003e简体中文\u003c/a\u003e | \u003ca href=\"#繁體中文\"\u003e繁體中文\u003c/a\u003e | \u003ca href=\"#english\"\u003eEnglish\u003c/a\u003e\u003c/b\u003e\n\u003c/p\u003e\n\n---\n\n## English\n\n### 🎉 Project Introduction\n\n**AI Secret Guard** is an intelligent, AI-enhanced secret detection and risk assessment tool designed to help developers and security teams identify API keys, passwords, tokens, and other sensitive information accidentally committed to code repositories.\n\n**Core Value Proposition:**\n- 🛡️ **Prevent security breaches** before they happen by catching secrets in code\n- 🤖 **AI-enhanced accuracy** reduces false positives by up to 60% compared to traditional regex-only tools\n- ⚡ **Blazing fast scans** with multi-threaded processing - scan 1000+ files in seconds\n- 🎯 **Contextual risk scoring** prioritizes the most dangerous exposures\n\n**Inspiration:** This project was inspired by tools like `gitleaks` and `truffleHog`, but addresses their key limitations: high false-positive rates, lack of risk context, and limited customization. 
We built AI Secret Guard from the ground up with a focus on **accuracy, speed, and actionable intelligence**.\n\n### ✨ Core Features\n\n| Feature | Description |\n|---------|-------------|\n| 🔍 **15+ Detection Rules** | Covers OpenAI, AWS, GitHub, Slack, Stripe, JWT, private keys, database URLs, and more |\n| 🤖 **AI-Enhanced Analysis** | Contextual analysis reduces false positives from test files, documentation, and examples |\n| 🎯 **Risk Scoring Engine** | Calculates 0-100 risk scores based on secret type, file context, and confidence |\n| 📊 **Multi-Format Reports** | Generate Console, JSON, and HTML reports with beautiful visualizations |\n| ⚡ **High Performance** | Multi-threaded scanning with configurable worker pools |\n| 🔧 **CI/CD Integration** | Native GitHub Actions support with fail-on-secret capabilities |\n| 🛠️ **Custom Rules** | Easily extend with your own detection patterns |\n| 🌐 **Zero Dependencies** | Uses only Python standard library - maximum portability |\n\n### 🚀 Quick Start\n\n**Requirements:**\n- Python 3.8 or higher\n\n**Installation:**\n\n```bash\n# Install from PyPI (coming soon)\npip install ai-secret-guard\n\n# Or install from source\ngit clone https://github.com/gitstq/ai-secret-guard.git\ncd ai-secret-guard\npip install -e .\n```\n\n**Basic Usage:**\n\n```bash\n# Scan a repository\nai-secret-guard scan /path/to/repo\n\n# Generate HTML report\nai-secret-guard scan /path/to/repo --format html --output report.html\n\n# Scan a single file\nai-secret-guard file /path/to/file.py\n\n# Disable AI enhancement for faster scanning\nai-secret-guard scan /path/to/repo --no-ai\n```\n\n**Python API:**\n\n```python\nfrom ai_secret_guard import SecretScanner\nfrom ai_secret_guard.reporter import ReportGenerator\n\n# Initialize scanner\nscanner = SecretScanner()\n\n# Scan repository\nresult = scanner.scan_repository(\"/path/to/repo\")\n\n# Generate report\nreporter = ReportGenerator(result)\nreporter.generate_html_report(\"report.html\")\n```\n\n### 📖 
Detailed Usage Guide\n\n**Advanced Scan Options:**\n\n```bash\n# Custom worker threads\nai-secret-guard scan . --workers 8\n\n# Custom ignore patterns\nai-secret-guard scan . --ignore \"*.log\" --ignore \"temp/*\"\n\n# JSON output for programmatic use\nai-secret-guard scan . --format json --output results.json\n```\n\n**CI/CD Integration (GitHub Actions):**\n\n```yaml\nname: Secret Scan\non: [push, pull_request]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: '3.11'\n      - run: pip install ai-secret-guard\n      - run: ai-secret-guard scan .\n```\n\n### 💡 Design Philosophy\n\n**Why AI Secret Guard?**\n\n1. **Accuracy First:** Traditional tools rely solely on regex patterns, leading to excessive false positives. Our AI-enhanced layer analyzes context (file type, surrounding code, variable names) to distinguish real secrets from examples and test data.\n\n2. **Actionable Intelligence:** Every finding includes a risk score (0-100) and specific remediation advice. Critical secrets in production configs are flagged immediately.\n\n3. **Developer Experience:** Zero dependencies mean it works anywhere Python runs. 
The CLI provides real-time progress bars and clear, color-coded output.\n\n**Technology Choices:**\n- **Pure Python:** Maximum compatibility, no dependency hell\n- **ThreadPoolExecutor:** Efficient I/O-bound scanning without GIL limitations\n- **Dataclass Models:** Clean, type-hinted code that's easy to extend\n\n**Roadmap:**\n- [ ] Machine learning model for even better false-positive reduction\n- [ ] Pre-commit hook integration\n- [ ] SARIF format output for security platform integration\n- [ ] Docker container for consistent CI/CD usage\n- [ ] IDE plugins (VS Code, IntelliJ)\n\n### 📦 Packaging \u0026 Deployment\n\n**Build from source:**\n\n```bash\n# Install build dependencies\npip install build twine\n\n# Build package\npython -m build\n\n# Upload to PyPI (maintainers only)\npython -m twine upload dist/*\n```\n\n**Docker (coming soon):**\n\n```bash\ndocker run -v $(pwd):/repo gitstq/ai-secret-guard scan /repo\n```\n\n### 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n- 🐛 **Bug Reports:** Open an issue with reproduction steps\n- 💡 **Feature Requests:** Open an issue with the `enhancement` label\n- 🔧 **Pull Requests:** Fork, branch, and submit PRs to `main`\n\n### 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## 简体中文\n\n### 🎉 Project Introduction\n\n**AI Secret Guard** is an intelligent, AI-enhanced secret leak detection and risk assessment tool designed to help developers and security teams identify API keys, passwords, tokens, and other sensitive information accidentally committed to code repositories.\n\n**Core Value:**\n- 🛡️ **Prevent security incidents before they happen** by catching leaked secrets in code early\n- 🤖 **AI-enhanced accuracy** reduces the false-positive rate by 60% compared with traditional regex-only tools\n- ⚡ **Very fast scans** with multi-threaded processing - scan 1000+ files in seconds\n- 🎯 **Contextual risk scoring** prioritizes the most dangerous leaks\n\n**Inspiration:** This project was inspired by tools such as `gitleaks` and `truffleHog`, but addresses their key limitations: high false-positive rates, lack of risk context, and limited customization. We built AI Secret Guard from scratch with a focus on **accuracy, speed, and actionable intelligence**.\n\n### ✨ Core Features\n\n| Feature | Description |\n|------|------|\n| 🔍 **15+ Detection Rules** | Covers OpenAI, AWS, GitHub, Slack, Stripe, JWT, private keys, database connection strings, and more |\n| 🤖 **AI-Enhanced Analysis** | Contextual analysis reduces false positives from test files, documentation, and examples |\n| 🎯 **Risk Scoring Engine** | Calculates 0-100 risk scores based on secret type, file context, and confidence |\n| 📊 **Multi-Format Reports** | 
Generates console, JSON, and HTML reports with polished visualizations |\n| ⚡ **High Performance** | Multi-threaded scanning with a configurable worker thread pool |\n| 🔧 **CI/CD Integration** | Native GitHub Actions support; can fail the build when a secret is found |\n| 🛠️ **Custom Rules** | Easily extend with your own detection patterns |\n| 🌐 **Zero Dependencies** | Uses only the Python standard library - maximum portability |\n\n### 🚀 Quick Start\n\n**Requirements:**\n- Python 3.8 or higher\n\n**Installation:**\n\n```bash\n# Install from PyPI (coming soon)\npip install ai-secret-guard\n\n# Or install from source\ngit clone https://github.com/gitstq/ai-secret-guard.git\ncd ai-secret-guard\npip install -e .\n```\n\n**Basic Usage:**\n\n```bash\n# Scan a repository\nai-secret-guard scan /path/to/repo\n\n# Generate an HTML report\nai-secret-guard scan /path/to/repo --format html --output report.html\n\n# Scan a single file\nai-secret-guard file /path/to/file.py\n\n# Disable AI enhancement for faster scanning\nai-secret-guard scan /path/to/repo --no-ai\n```\n\n**Python API:**\n\n```python\nfrom ai_secret_guard import SecretScanner\nfrom ai_secret_guard.reporter import ReportGenerator\n\n# Initialize the scanner\nscanner = SecretScanner()\n\n# Scan the repository\nresult = scanner.scan_repository(\"/path/to/repo\")\n\n# Generate the report\nreporter = ReportGenerator(result)\nreporter.generate_html_report(\"report.html\")\n```\n\n### 📖 Detailed Usage Guide\n\n**Advanced Scan Options:**\n\n```bash\n# Custom number of worker threads\nai-secret-guard scan . --workers 8\n\n# Custom ignore patterns\nai-secret-guard scan . --ignore \"*.log\" --ignore \"temp/*\"\n\n# JSON output for programmatic use\nai-secret-guard scan . --format json --output results.json\n```\n\n**CI/CD Integration (GitHub Actions):**\n\n```yaml\nname: Secret Scan\non: [push, pull_request]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: '3.11'\n      - run: pip install ai-secret-guard\n      - run: ai-secret-guard scan .\n```\n\n### 💡 Design Approach\n\n**Why choose AI Secret Guard?**\n\n1. **Accuracy first:** Traditional tools rely only on regex patterns, which leads to many false positives. Our AI-enhanced layer analyzes context (file type, surrounding code, variable names) to distinguish real secrets from examples and test data.\n\n2. **Actionable intelligence:** Every finding includes a risk score (0-100) and specific remediation advice. Critical secrets in production configs are flagged immediately.\n\n3. 
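**Developer experience:** Zero dependencies mean it works anywhere Python runs. The CLI provides real-time progress bars and clear, color-coded output.\n\n**Technology Choices:**\n- **Pure Python:** Maximum compatibility, no dependency hell\n- **ThreadPoolExecutor:** Efficient I/O-bound scanning, not limited by the GIL\n- **Dataclass models:** Clean, type-hinted code that is easy to extend\n\n**Roadmap:**\n- [ ] Machine learning model to further reduce false positives\n- [ ] Pre-commit hook integration\n- [ ] SARIF format output for integration with security platforms\n- [ ] Docker container for consistent CI/CD usage\n- [ ] IDE plugins (VS Code, IntelliJ)\n\n### 📦 Packaging and Deployment\n\n**Build from source:**\n\n```bash\n# Install build dependencies\npip install build twine\n\n# Build the package\npython -m build\n\n# Upload to PyPI (maintainers only)\npython -m twine upload dist/*\n```\n\n**Docker (coming soon):**\n\n```bash\ndocker run -v $(pwd):/repo gitstq/ai-secret-guard scan /repo\n```\n\n### 🤝 Contributing Guide\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n- 🐛 **Bug reports:** Open an issue with reproduction steps\n- 💡 **Feature requests:** Open an issue and add the `enhancement` label\n- 🔧 **Pull Requests:** Fork, create a branch, and submit PRs to `main`\n\n### 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## 繁體中文\n\n### 🎉 Project Introduction\n\n**AI Secret Guard** is an intelligent, AI-enhanced secret leak detection and risk assessment tool designed to help developers and security teams identify API keys, passwords, tokens, and other sensitive information accidentally committed to code repositories.\n\n**Core Value:**\n- 🛡️ **Prevent security incidents before they happen** by catching leaked secrets in code early\n- 🤖 **AI-enhanced accuracy** reduces the false-positive rate by 60% compared with traditional regex-only tools\n- ⚡ **Very fast scans** with multi-threaded processing - scan 1000+ files in seconds\n- 🎯 **Contextual risk scoring** prioritizes the most dangerous leaks\n\n**Inspiration:** This project was inspired by tools such as `gitleaks` and `truffleHog`, but addresses their key limitations: high false-positive rates, lack of risk context, and limited customization. We built AI Secret Guard from scratch with a focus on **accuracy, speed, and actionable intelligence**.\n\n### ✨ Core Features\n\n| Feature | Description |\n|------|------|\n| 🔍 **15+ Detection Rules** | Covers OpenAI, AWS, GitHub, Slack, Stripe, JWT, private keys, database connection strings, and more |\n| 🤖 **AI-Enhanced Analysis** | Contextual analysis reduces false positives from test files, documentation, and examples |\n| 🎯 **Risk Scoring Engine** | Calculates 0-100 risk scores based on secret type, file context, and confidence |\n| 📊 **Multi-Format Reports** | Generates console, JSON, and HTML reports with polished visualizations |\n| ⚡ **High Performance** | Multi-threaded scanning with a configurable worker thread pool |\n| 🔧 **CI/CD Integration** | Native GitHub Actions support; can fail the build when a secret is found |\n| 🛠️ **Custom Rules** | Easily extend with your own detection patterns |\n| 🌐 **Zero Dependencies** | Uses only the Python standard library - maximum portability |\n\n### 🚀 Quick Start\n\n**Requirements:**\n- Python 3.8 or higher\n\n**Installation:**\n\n```bash\n# Install from PyPI (coming soon)\npip install ai-secret-guard\n\n# Or install from source\ngit clone https://github.com/gitstq/ai-secret-guard.git\ncd ai-secret-guard\npip install -e .\n```\n\n**Basic Usage:**\n\n```bash\n# Scan a repository\nai-secret-guard scan /path/to/repo\n\n# Generate an HTML report\nai-secret-guard scan /path/to/repo --format html --output 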
report.html\n\n# Scan a single file\nai-secret-guard file /path/to/file.py\n\n# Disable AI enhancement for faster scanning\nai-secret-guard scan /path/to/repo --no-ai\n```\n\n**Python API:**\n\n```python\nfrom ai_secret_guard import SecretScanner\nfrom ai_secret_guard.reporter import ReportGenerator\n\n# Initialize the scanner\nscanner = SecretScanner()\n\n# Scan the repository\nresult = scanner.scan_repository(\"/path/to/repo\")\n\n# Generate the report\nreporter = ReportGenerator(result)\nreporter.generate_html_report(\"report.html\")\n```\n\n### 📖 Detailed Usage Guide\n\n**Advanced Scan Options:**\n\n```bash\n# Custom number of worker threads\nai-secret-guard scan . --workers 8\n\n# Custom ignore patterns\nai-secret-guard scan . --ignore \"*.log\" --ignore \"temp/*\"\n\n# JSON output for programmatic use\nai-secret-guard scan . --format json --output results.json\n```\n\n**CI/CD Integration (GitHub Actions):**\n\n```yaml\nname: Secret Scan\non: [push, pull_request]\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - uses: actions/setup-python@v5\n        with:\n          python-version: '3.11'\n      - run: pip install ai-secret-guard\n      - run: ai-secret-guard scan .\n```\n\n### 💡 Design Approach\n\n**Why choose AI Secret Guard?**\n\n1. **Accuracy first:** Traditional tools rely only on regex patterns, which leads to many false positives. Our AI-enhanced layer analyzes context (file type, surrounding code, variable names) to distinguish real secrets from examples and test data.\n\n2. **Actionable intelligence:** Every finding includes a risk score (0-100) and specific remediation advice. Critical secrets in production configs are flagged immediately.\n\n3. 
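**Developer experience:** Zero dependencies mean it works anywhere Python runs. The CLI provides real-time progress bars and clear, color-coded output.\n\n**Technology Choices:**\n- **Pure Python:** Maximum compatibility, no dependency hell\n- **ThreadPoolExecutor:** Efficient I/O-bound scanning, not limited by the GIL\n- **Dataclass models:** Clean, type-hinted code that is easy to extend\n\n**Roadmap:**\n- [ ] Machine learning model to further reduce false positives\n- [ ] Pre-commit hook integration\n- [ ] SARIF format output for integration with security platforms\n- [ ] Docker container for consistent CI/CD usage\n- [ ] IDE plugins (VS Code, IntelliJ)\n\n### 📦 Packaging and Deployment\n\n**Build from source:**\n\n```bash\n# Install build dependencies\npip install build twine\n\n# Build the package\npython -m build\n\n# Upload to PyPI (maintainers only)\npython -m twine upload dist/*\n```\n\n**Docker (coming soon):**\n\n```bash\ndocker run -v $(pwd):/repo gitstq/ai-secret-guard scan /repo\n```\n\n### 🤝 Contributing Guide\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n- 🐛 **Bug reports:** Open an issue with reproduction steps\n- 💡 **Feature requests:** Open an issue and add the `enhancement` label\n- 🔧 **Pull Requests:** Fork, create a branch, and submit PRs to `main`\n\n### 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n\u003cp align=\"center\"\u003e\n  Made with ❤️ by the AI Secret Guard Team\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitstq%2Fai-secret-guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgitstq%2Fai-secret-guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitstq%2Fai-secret-guard/lists"}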