Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ezekg/git-hound
Git plugin that prevents sensitive data from being committed.
https://github.com/ezekg/git-hound
cli git git-plugin golang regular-expression security
Last synced: 29 days ago
JSON representation
Git plugin that prevents sensitive data from being committed.
- Host: GitHub
- URL: https://github.com/ezekg/git-hound
- Owner: ezekg
- License: mit
- Created: 2015-11-05T16:30:20.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2020-10-08T22:34:28.000Z (about 4 years ago)
- Last Synced: 2024-11-07T07:11:56.517Z (about 1 month ago)
- Topics: cli, git, git-plugin, golang, regular-expression, security
- Language: Go
- Homepage:
- Size: 3.28 MB
- Stars: 309
- Watchers: 10
- Forks: 27
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-rainmana - ezekg/git-hound - Git plugin that prevents sensitive data from being committed. (Go)
- awesome-hacking-lists - ezekg/git-hound - Git plugin that prevents sensitive data from being committed. (Go)
README
# Git Hound
[](https://travis-ci.org/ezekg/git-hound)
[](https://codeclimate.com/github/ezekg/git-hound)
[](https://godoc.org/github.com/ezekg/git-hound)
Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions.
## How does it work?
Upon commit, it runs the output of `git diff -U0 --staged` through the Hound, which matches every _added_ or _modified_ line against your provided list of regular expressions from a local `.githound.yml` file.
## Installation
To install Hound, please use `go get`. If you don't have Go installed, [get it here](https://golang.org/dl/). If you would like to grab a precompiled binary, head over to the [releases](https://github.com/ezekg/git-hound/releases) page. The precompiled Hound binaries have no external dependencies.
```
go get github.com/ezekg/git-hound
```
If you're on macOS, you can also install using Homebrew:
```
brew install git-hound
```
## Compiling
To compile for your operating system, simply run the following from the root of the project directory:
```bash
go install
```
To compile for all platforms using [`gox`](https://github.com/mitchellh/gox), run the following:
```bash
gox
```
## Usage
```
git-hound [] commit [...]
git-hound [] sniff []
```
### Commit
Sniff changes before committing.
```bash
# Sniff changes since last commit and pass to git-commit when clean
git hound commit …
```
### Sniff
You can optionally pass a commit hash or manually pipe a diff for the Hound to sniff.
```bash
# Sniff changes since last commit
git hound sniff HEAD
# Sniff entire codebase
git hound sniff
# Sniff entire repo history
git log -p | git hound sniff
```
## Option flags
| Flag | Type | Default | Usage |
|:---------------|:-------|:----------------|:-------------------------------------------|
| `-no-color` | bool | `false` | Disable color output |
| `-config=file` | string | `.githound.yml` | Hound config file |
| `-bin=file` | string | `git` | Executable binary to use for `git` command |
## Example `.githound.yml`
```yaml
# Output warning on match but continue
warn:
- '(?i)user(name)?\W*[:=,]\W*.+$'
- '\/Users\/\w+\/'
# Fail immediately upon match
fail:
- '[''"](?!.*[\s])(?=.*[A-Za-z])(?=.*[0-9])(?=.*[!@#$&*])?.{16,}[''"]'
- '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$'
- '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
skip:
- '\.example$'
- '\.sample$'
```