https://github.com/ghada-ch/gitguard-ai
AI-powered Git security & risk scanner for detecting secrets, vulnerabilities, and dangerous code before commits or CI.
ci-cd cli code-analysis developer-tools devtools eslint-alternative git javascript nodejs npm-package security security-scanner snyk-alternative static-analysis typescript
- Host: GitHub
- URL: https://github.com/ghada-ch/gitguard-ai
- Owner: Ghada-Ch
- License: other
- Created: 2026-04-15T22:12:11.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-04-16T00:04:25.000Z (3 months ago)
- Last Synced: 2026-04-16T01:13:29.441Z (3 months ago)
- Topics: ci-cd, cli, code-analysis, developer-tools, devtools, eslint-alternative, git, javascript, nodejs, npm-package, security, security-scanner, snyk-alternative, static-analysis, typescript
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/gitguard-ai
- Size: 2.2 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GitGuard AI
> AI-powered Git security & risk scanner for modern developers.

---
## Overview
GitGuard AI analyzes your Git repository and detects:
- Secrets (API keys, tokens, passwords)
- Merge conflicts
- Dependency risks
- Deployment issues
- Dangerous code patterns
- Large risky changes
---
## Installation
### Global install
```bash
npm install -g gitguard-ai
```
### Or run instantly (recommended)
```bash
npx gitguard-ai
```
## Usage
### Scan last commit (default)
```bash
gitguard-ai
```
### Full repository scan
```bash
gitguard-ai --full
```
## Example Output
```text
GitGuard AI running...
⚠️ GitGuard AI Report
Risk Score: 95
README.md
⚠️ Merge conflict detected
Unresolved Git conflict markers found in file(s).
backend/Procfile
⚠️ Deployment config modified
Changes may affect production startup.
package.json
⚠️ Dependency changes detected
New or updated dependencies may introduce risk.
High risk detected. Failing CI.
```
## Full Scan Mode
Analyze the entire repository:
- all tracked files (`git ls-files`)
- dependency footprint
- security patterns
- deployment configuration
```bash
gitguard-ai --full
```
## GitHub Actions (CI Integration)
Run GitGuard AI automatically on every pull request:
```yaml
name: GitGuard AI
on:
  pull_request:
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Run GitGuard AI
        run: npx gitguard-ai --full
```
## How It Works
```text
Git Repository
    ↓
Git Diff / File Scan
    ↓
Rule Engine
    ↓
Risk Scoring System
    ↓
CLI Output / CI Failure
```
## Risk Levels
| Score | Level | Meaning |
|-------|-------|---------|
| 0–39 | Low | Safe changes |
| 40–69 | Medium | Needs review |
| 70–100 | High | Risky changes |
## Detection Rules
GitGuard AI detects:
- Secrets (API keys, tokens, passwords)
- Merge conflicts (`<<<<<<<`)
- Dependency changes (`package.json`)
- Deployment changes (`Procfile`)
- Dangerous JS functions (`eval`, `exec`)
- Large diff changes
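As an added illustration (not GitGuard AI's own code), the following JavaScript shows how a rule engine of this shape can apply the detection rules above to the added lines of a unified diff and map the summed weights onto the Low / Medium / High bands of the Risk Levels table, failing CI on High. The rule weights, the large-diff threshold, the simplified secret pattern and the sample diff are all assumptions made for the example.

```javascript
// Illustrative rule engine and scorer, not GitGuard AI's own code.
// Rule weights and the large-diff threshold are assumed values.
const RULES = [
  { id: "secret", weight: 60, line: /(api[_-]?key|token|password|secret)\s*[:=]\s*["'][^"']{8,}["']/i },
  { id: "merge-conflict", weight: 40, line: /^(<{7}|>{7})( |$)/ },
  { id: "dangerous-js", weight: 30, line: /\b(eval|exec)\s*\(/ },
  { id: "dependency", weight: 20, file: /(^|\/)package\.json$/ },
  { id: "deployment", weight: 25, file: /(^|\/)Procfile$/ },
];
const LARGE_DIFF_LINES = 300; // assumed threshold for the "large diff" rule
// Group the added ("+") lines of a unified diff by target file name.
function addedLinesByFile(diff) {
  const files = {};
  let current = null;
  for (const raw of diff.split("\n")) {
    if (raw.startsWith("+++ ")) {
      current = raw.slice(4).replace(/^b\//, "");
      files[current] = [];
    } else if (current && raw.startsWith("+") && !raw.startsWith("+++")) {
      files[current].push(raw.slice(1));
    }
  }
  return files;
}
// Map a score onto the Low / Medium / High bands of the Risk Levels table.
function riskLevel(score) {
  return score <= 39 ? "Low" : score <= 69 ? "Medium" : "High";
}
// Apply every rule, sum the weights (capped at 100) and fail CI on High risk.
function scanDiff(diff) {
  const files = addedLinesByFile(diff);
  const findings = [];
  let added = 0;
  for (const [file, lines] of Object.entries(files)) {
    added += lines.length;
    for (const rule of RULES) {
      const hit = rule.file ? rule.file.test(file) : lines.some((l) => rule.line.test(l));
      if (hit) findings.push({ file, rule: rule.id, weight: rule.weight });
    }
  }
  if (added > LARGE_DIFF_LINES) findings.push({ file: "*", rule: "large-diff", weight: 15 });
  const score = Math.min(100, findings.reduce((s, f) => s + f.weight, 0));
  return { score, level: riskLevel(score), failCI: score >= 70, findings };
}
// Constructed sample diff: a conflict in README.md, a new dependency and a Procfile edit.
const SAMPLE_DIFF = [
  "+++ b/README.md", "+<<<<<<< HEAD", "+# GitGuard", "+=======", "+# Guard", "+>>>>>>> feature",
  "+++ b/package.json", '+    "left-pad": "1.3.0",', "+++ b/backend/Procfile", "+web: node server.js",
].join("\n");
console.log(JSON.stringify(scanDiff(SAMPLE_DIFF), null, 2));
```

Feed it `git diff HEAD~1` output for a last-commit scan; the sample diff scores 85 (High), mirroring the three findings in the example output above.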
## Workflow Example
```bash
git add .
git commit -m "new feature"
gitguard-ai
git push
```
## Roadmap
- [ ] GitHub PR bot comments
- [ ] JSON output mode (`--json`)
- [ ] `.gitguardignore` support
- [ ] Severity grouping (HIGH / MEDIUM / LOW)
- [ ] AST-based deep analysis
- [ ] AI-powered fix suggestions
## Vision
> GitGuard AI becomes the ESLint of security & Git risk analysis.
Fast. Lightweight. Developer-first.
## Author
Built with passion for modern development workflows.
Maintained by **Ghada Chouichi**.
---
## License
MIT