🛡️ RepoShield-CLI
Lightweight Terminal Git Repository Full-Dimension Security Audit Engine
# 🎉 Introduction
**RepoShield-CLI** is a lightweight terminal-based Git repository full-dimension security audit engine with **zero external dependencies**, built entirely with the Python standard library. It performs comprehensive security scans across code repositories, covering **7 major dimensions** including sensitive information leaks, dependency vulnerabilities, Git configuration security, file permissions, insecure code patterns, Docker security, and CI/CD security. It helps developers identify potential security risks before committing code.
### Core Value
- 🚀 **One-click scanning, zero configuration** — Clone and run, no complex setup required
- 🔎 **7 security dimensions, 100+ detection rules** — Full-spectrum code security risk coverage
- 📦 **Zero external dependencies, pure Python standard library** — Install and run, no environment conflicts
- 📊 **Multi-format report output** — Terminal / JSON / HTML / Markdown formats
- 🖥️ **Interactive TUI dashboard** — Real-time scan progress, categorized issue display, security scoring
- 🌍 **Cross-platform support** — Windows / macOS / Linux compatible
# ✨ Core Features
| Dimension | Description |
|-----------|-------------|
| 🔍 **Sensitive Information Leak Detection** | 30+ sensitive information patterns (AWS / GitHub / GitLab / Google / Slack / Discord / JWT / Private keys / Database connection strings, etc.) |
| 📦 **Dependency Vulnerability Scanning** | Supports `requirements.txt` / `package.json` / `Pipfile` / `pyproject.toml` / `setup.py` with built-in vulnerability database |
| 🔐 **Git Configuration Security Check** | `.gitignore` audit, sensitive file detection, large file tracking check, branch protection recommendations |
| 📋 **File Permission Security Audit** | world-writable detection, SUID/SGID detection, sensitive file permission checks |
| 💻 **Insecure Code Pattern Detection** | 30+ insecure code patterns, supports Python / JS / TS / Go / Java / Ruby / PHP / C / C++ |
| 🐳 **Docker Security Check** | FROM latest / root user / COPY . ./ / HEALTHCHECK / port exposure / ENV secret detection |
| 🔄 **CI/CD Security Audit** | GitHub Actions / Travis CI / GitLab CI / Jenkinsfile security configuration checks |
| 📊 **Multi-format Report Output** | Colored terminal / JSON / HTML (inline CSS) / Markdown |
| 🖥️ **Interactive TUI Dashboard** | Real-time scan progress, categorized issue display, security scoring |
| ⚡ **Zero External Dependencies** | Pure Python standard library, ready to use with `pip install` |
| 🎯 **Flexible Filtering** | Filter by severity level / rule ID / directory exclusion |
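As an added illustration of how the sensitive-information detection and the `--severity` / `--ignore` filtering in this table fit together, the following Python script is example code written for this README, not RepoShield-CLI's own implementation. It applies a small set of constructed regex rules to a constructed config file and filters the findings the way the scan options do. The rule IDs `EX-00x`, their patterns and severities, and the sample file contents are all assumptions made up for the example.

```python
import json
import re
from dataclasses import dataclass

# The rule IDs and patterns below are constructed for this example; they are
# modelled on the kinds of secrets the feature table lists, not on the
# project's own rule set.
@dataclass(frozen=True)
class Rule:
    rule_id: str
    severity: str
    description: str
    pattern: re.Pattern

RULES = [
    Rule("EX-001", "critical", "AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    Rule("EX-002", "critical", "private key block",
         re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
    Rule("EX-003", "high", "GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    Rule("EX-004", "high", "database URL with embedded password",
         re.compile(r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/]+:[^\s@/]+@", re.I)),
    Rule("EX-005", "medium", "hard-coded password assignment",
         re.compile(r"(?i)\bpassword\s*=\s*['\"][^'\"]{4,}['\"]")),
]

# Least to most severe; the same five levels the --severity option accepts.
SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]

def scan_text(text, path, rules=RULES):
    """Run every rule over every line of `text` and return the findings in file order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule in rules:
            if rule.pattern.search(line):
                findings.append({"rule": rule.rule_id, "severity": rule.severity,
                                 "description": rule.description, "file": path, "line": lineno})
    return findings

def filter_findings(findings, min_severity="info", ignore=()):
    """Apply a --severity threshold and an --ignore rule list to a findings list."""
    threshold = SEVERITY_ORDER.index(min_severity)
    ignored = set(ignore)
    return [f for f in findings
            if SEVERITY_ORDER.index(f["severity"]) >= threshold and f["rule"] not in ignored]

def summarize(findings):
    """Count findings per severity level (every level present, even at zero)."""
    summary = {level: 0 for level in SEVERITY_ORDER}
    for f in findings:
        summary[f["severity"]] += 1
    return summary

def to_json_report(findings):
    """JSON document with a per-severity summary followed by the findings themselves."""
    return json.dumps({"summary": summarize(findings), "findings": findings}, indent=2)

# Constructed sample file; the AWS key is the example key used in Amazon's own documentation.
SAMPLE_CONFIG = """\
DB_URL = "postgres://app:s3cretpass@db.internal:5432/app"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
password = "hunter22"
DEBUG = True
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    all_findings = scan_text(SAMPLE_CONFIG, "config.py")
    # Equivalent of `scan --severity high --ignore EX-003` applied to this one file
    print(to_json_report(filter_findings(all_findings, "high", ignore=["EX-003"])))
```

Running the script reports the database URL, the AWS key and the private-key header and drops the medium-severity password assignment, which is exactly the effect of `--severity high`. A real scanner walks the target tree and skips the directories given to `--exclude` before it gets to `scan_text`; the line-by-line rule loop is the part that does not change.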
# 🚀 Quick Start
## Requirements
- **Python 3.8+**
- No external dependencies required
## Installation
```bash
git clone https://github.com/gitstq/RepoShield-CLI.git
cd RepoShield-CLI
pip install -e .
```
## Basic Usage
```bash
# Scan the current directory
reposhield-cli scan
# Scan a specific directory
reposhield-cli scan /path/to/project
# Output JSON report
reposhield-cli scan --json
# Output HTML report
reposhield-cli scan --html report.html
# Output Markdown report
reposhield-cli scan --markdown report.md
# Show only high severity and above
reposhield-cli scan --severity high
# Exclude directories
reposhield-cli scan --exclude node_modules,.git,dist
# Ignore specific rules
reposhield-cli scan --ignore SEC-001,SEC-003
# Launch TUI dashboard
reposhield-cli dashboard
# List all rules
reposhield-cli rules
# Show version
reposhield-cli version
```
# 📖 Detailed Usage Guide
## Advanced Usage
### Combining Multiple Filters
```bash
# Show only high severity issues, exclude test directories, ignore specific rules
reposhield-cli scan --severity high --exclude tests,__pycache__ --ignore SEC-003
# Quiet mode (output results only, suppress progress)
reposhield-cli scan --quiet
# Disable colored output (useful for log redirection)
reposhield-cli scan --no-color
```
### Generating Multiple Report Formats
```bash
# Generate both JSON and HTML reports
reposhield-cli scan --json > report.json
reposhield-cli scan --html report.html
# Generate a Markdown report for documentation archiving
reposhield-cli scan --markdown security_audit.md
```
## Complete Parameter Reference
### `scan` Command
| Parameter | Description | Default |
|-----------|-------------|---------|
| `target` | Target directory or file to scan | `.` (current directory) |
| `--json` | Output results in JSON format | Off |
| `--html FILE` | Generate HTML report and save to FILE | Off |
| `--markdown FILE` | Generate Markdown report and save to FILE | Off |
| `--severity LEVEL` | Minimum severity level to display (`critical` / `high` / `medium` / `low` / `info`) | `info` |
| `--exclude DIRS` | Comma-separated directories to exclude | `.git,__pycache__,node_modules,.venv,venv,.tox,dist,build,.eggs` |
| `--ignore RULE_ID` | Rule IDs to ignore (can be specified multiple times) | None |
| `--no-color` | Disable colored output | Off |
| `--quiet` | Quiet mode, show results only | Off |
### `dashboard` Command
| Parameter | Description | Default |
|-----------|-------------|---------|
| `target` | Target directory for dashboard scan | `.` (current directory) |
### Other Commands
| Command | Description |
|---------|-------------|
| `reposhield-cli rules` | List all available security detection rules |
| `reposhield-cli version` | Show version information |
## Typical Use Cases
### Use Case 1: Daily Development Security Check
Quickly scan your current project before committing code to ensure no sensitive information is leaked:
```bash
reposhield-cli scan --severity medium
```
### Use Case 2: CI/CD Integration
Integrate security scanning into your continuous integration pipeline and generate a JSON report for further analysis:
```bash
reposhield-cli scan --json --quiet > security_report.json
```
### Use Case 3: Team Security Audit
Generate an HTML report and share it with team members for security review:
```bash
reposhield-cli scan --html team_audit_report.html --exclude node_modules,.git
```
### Use Case 4: Open Source Project Security Assessment
Evaluate the security posture of a third-party open source project:
```bash
reposhield-cli scan /path/to/open-source-project --severity low --markdown assessment.md
```
# 💡 Design Philosophy & Roadmap
## Design Philosophy
The core design philosophy of RepoShield-CLI is to integrate security auditing into the earliest stage of the development workflow. By providing instant, comprehensive security scanning capabilities in the local terminal, developers can quickly identify and fix security issues before each commit, significantly reducing the probability of security incidents.
## Technical Decisions
| Decision | Rationale |
|----------|-----------|
| **Pure Python standard library** | Ensures zero external dependencies, avoids version conflicts, install and run |
| **CLI tool format** | Lightweight and efficient, easy to integrate into editors and CI/CD pipelines |
| **Rule engine architecture** | Modular design, each rule is independently extensible and easy to maintain |
| **Multi-format reports** | Adapts to different scenarios: terminal for instant viewing, JSON for programmatic processing, HTML for manual review, Markdown for documentation archiving |
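To show what the "rule engine architecture" row above looks like in practice, here is an added example, written for this README and not the project's own code, that implements the Docker checks from the Core Features table (FROM latest, root user, COPY . ./, HEALTHCHECK, port exposure, ENV secrets) as independent rule functions over a small Dockerfile parser, and runs them on a constructed weak Dockerfile next to its hardened counterpart. The rule IDs `DX-00x`, the severities, the list of sensitive ports and both sample Dockerfiles are assumptions made for the example.

```python
import re
from collections import namedtuple
# Rule IDs, severities and the sensitive-port list are constructed for this example.
SECRET_KEY_RE = re.compile(r"(?i)(secret|passw(or)?d|token|api_?key|private_?key)")
SENSITIVE_PORTS = {"22", "23", "3389", "3306", "5432", "6379", "27017"}
Finding = namedtuple("Finding", "rule_id severity line message")  # line 0 = whole file

def parse_dockerfile(text):
    """[(lineno, INSTRUCTION, argument)]; comments dropped, continued lines joined."""
    instrs, buf, start = [], "", 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = lineno
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        parts = (buf + line).split(None, 1)
        instrs.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return instrs

# Each rule is an independent function from the instruction list to a list of
# findings, so a check can be added or dropped without touching the others.
def rule_unpinned_base_image(instrs):
    stages = {a.split()[-1] for _, n, a in instrs if n == "FROM" and " as " in a.lower()}
    out = []
    for ln, name, arg in instrs:
        ref = arg.split()[0] if name == "FROM" and arg.split() else ""
        if not ref or ref in stages or ref == "scratch" or "@sha256:" in ref:
            continue
        last = ref.rsplit("/", 1)[-1]  # registry hosts may carry a port (host:5000/img)
        if ":" not in last or last.endswith(":latest"):
            out.append(Finding("DX-001", "medium", ln, f"FROM {ref}: pin a version tag or digest"))
    return out

def rule_runs_as_root(instrs):
    users = [(ln, arg.split()[0]) for ln, n, arg in instrs if n == "USER" and arg.split()]
    if users and users[-1][1].split(":")[0] not in ("root", "0"):
        return []
    return [Finding("DX-002", "high", users[-1][0] if users else 0,
                    "container runs as root: no USER instruction, or the final USER is root")]

def rule_copies_whole_context(instrs):
    return [Finding("DX-003", "medium", ln, f"{n} . copies the whole build context into the image")
            for ln, n, arg in instrs if n in ("COPY", "ADD") and any(
                s in (".", "./") for s in [t for t in arg.split() if not t.startswith("--")][:-1])]

def rule_missing_healthcheck(instrs):
    return [] if any(n == "HEALTHCHECK" for _, n, _ in instrs) else [Finding("DX-004", "low", 0, "no HEALTHCHECK instruction")]

def rule_sensitive_port(instrs):
    return [Finding("DX-005", "medium", ln, f"EXPOSE {p}: admin or database port exposed")
            for ln, n, arg in instrs if n == "EXPOSE"
            for p in arg.split() if p.split("/")[0] in SENSITIVE_PORTS]

def rule_secret_in_env(instrs):
    out = []
    for ln, name, arg in instrs:
        tokens = arg.split()
        if name != "ENV" or not tokens:
            continue
        # ENV KEY=value [KEY2=value2], or the legacy "ENV KEY value" form
        keys = [t.split("=", 1)[0] for t in tokens if "=" in t] if "=" in tokens[0] else tokens[:1]
        out += [Finding("DX-006", "high", ln, f"ENV {k}: secret baked into image layers")
                for k in keys if SECRET_KEY_RE.search(k)]
    return out

RULES = [rule_unpinned_base_image, rule_runs_as_root, rule_copies_whole_context,
         rule_missing_healthcheck, rule_sensitive_port, rule_secret_in_env]

def audit_dockerfile(text, rules=RULES):
    instrs = parse_dockerfile(text)
    return [f for rule in rules for f in rule(instrs)]

# Constructed sample Dockerfiles: a weak one and its hardened counterpart.
WEAK = """\
FROM python:latest
ENV DB_PASSWORD=changeme
COPY . ./
RUN pip install -r requirements.txt
EXPOSE 22 8000
CMD ["python", "app.py"]
"""
HARDENED = """\
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt ./
RUN pip install --no-cache-dir -r requirements.txt \\
    && useradd --create-home app
COPY src/ ./src/
USER app
EXPOSE 8000
HEALTHCHECK --interval=30s CMD python -c "import urllib.request as u; u.urlopen('http://localhost:8000/health')"
CMD ["python", "src/app.py"]
"""
```

`audit_dockerfile(WEAK)` returns six findings, one per rule, while `audit_dockerfile(HARDENED)` returns none. Two details matter for avoiding false positives: a `FROM` that names an earlier build stage is not an unpinned image, and a `USER` instruction only counts if the last one in the file is a non-root user, since a later `USER root` undoes an earlier drop of privileges.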
## Roadmap
- 🔌 **Plugin system**: custom rule plugins to extend detection capabilities
- 📝 **Custom rules**: let users define detection rules in YAML/JSON configuration files
- 🔧 **IDE integration**: VS Code / JetBrains plugins for real-time checks inside the editor
- 👥 **Team collaboration**: team-level security baseline configuration and report sharing
- 📈 **Trend analysis**: comparison of historical scan results to track the security posture over time
- 🌐 **Remote repository scanning**: scan GitHub/GitLab remote repositories directly
# 📦 Packaging & Deployment Guide
## Building a Wheel Package
```bash
# Install build tools
pip install build
# Build
python -m build
# Install the generated wheel package
pip install dist/reposhield_cli-1.0.0-py3-none-any.whl
```
## Install from PyPI (when published)
```bash
pip install reposhield-cli
```
## Using with Docker
```bash
# Run a scan inside a Docker container
docker run --rm -v /path/to/project:/scan reposhield-cli scan /scan
```
# 🤝 Contributing
We welcome and appreciate contributions of all kinds, whether bug reports, feature suggestions, or Pull Requests.
## Submitting a Pull Request
1. **Fork** this repository
2. Create a feature branch: `git checkout -b feature/your-feature-name`
3. Commit your changes: `git commit -m 'feat: add your feature description'`
4. Push the branch: `git push origin feature/your-feature-name`
5. Submit a **Pull Request**
### Commit Convention
Please follow the [Conventional Commits](https://www.conventionalcommits.org/) specification:
| Type | Description |
|------|-------------|
| `feat:` | New feature |
| `fix:` | Bug fix |
| `docs:` | Documentation update |
| `refactor:` | Code refactoring |
| `test:` | Test-related changes |
| `chore:` | Build/toolchain related |
## Reporting Issues
- Use a clear title to describe the issue
- Provide reproduction steps and environment information
- Attach relevant logs or screenshots
# 📄 License
This project is licensed under the [MIT License](LICENSE).
MIT License
Copyright (c) 2024 RepoShield Team
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.