Hi there, I built this library after reading up on some InfoSec SE posts about which sensitive files (and information) should be gitignored or not included at all in a git repo.
How this library works: sniffgit starts from the root of your git working directory, and checks if there are any sensitive files (id_rsa, *.cert, etc) that are exposed, i.e. files that haven't been gitignored or files that shouldn’t be in a repo at all.
This library also checks text files for sensitive information, such as AWS_SECRET_ACCESS_KEY, email, password, etc. Some files and directories are not going to be read at all, though (e.g. binary files, .git, yarn.lock).
Currently, the “sensitive info / line analysis” will have a lot of false-positive results for larger projects. The reason is that it only checks for keywords such as “password, API_KEY, email, etc” for each line in a text file.
This is my first ever open-source project. Feedback is truly appreciated, particularly about OSS best practices :).
Interesting project! Perhaps you could add a return value depending on whether results were found (using sys.exit or something like that) so it can be integrated in CI-pipelines.
Thank you for the suggestion! I will add that feature today. I believe that the project will be more useful if it can be easily integrated into CI pipelines!
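The scan described in the sniffgit post above, combined with the exit code suggested in the reply, as an added example that is not sniffgit's own code. The function names, the simplified `.gitignore` matching (root file only, no negation or anchoring) and the NUL-byte test for binary files are assumptions made for illustration.

```python
import fnmatch
import os
import sys

SENSITIVE_NAMES = ["id_rsa", "*.cert"]      # file names taken from the post
KEYWORDS = ["aws_secret_access_key", "api_key", "password", "email"]
SKIP_DIRS, SKIP_FILES = {".git"}, {"yarn.lock"}

def load_ignore_patterns(root):
    """Assumption: read only the root .gitignore and treat entries as globs."""
    path = os.path.join(root, ".gitignore")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8") as fh:
        lines = [raw.strip() for raw in fh]
    return [s.rstrip("/") for s in lines if s and not s.startswith("#")]

def is_ignored(rel, patterns):
    # A pattern matches the whole relative path or any single path component.
    names = [rel] + rel.split("/")
    return any(fnmatch.fnmatch(n, p) for n in names for p in patterns)

def is_binary(path):
    # Assumption: a NUL byte in the first 1 KiB marks the file as binary.
    with open(path, "rb") as fh:
        return b"\0" in fh.read(1024)

def scan(root):
    """Return (exposed_files, flagged_lines) for the tree under root."""
    patterns = load_ignore_patterns(root)
    exposed, flagged = [], []
    for cur, dirs, files in os.walk(root):
        dirs[:] = sorted(d for d in dirs if d not in SKIP_DIRS)
        for name in sorted(files):
            full = os.path.join(cur, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name in SKIP_FILES or is_ignored(rel, patterns):
                continue
            if any(fnmatch.fnmatch(name, p) for p in SENSITIVE_NAMES):
                exposed.append(rel)          # sensitive file, not gitignored
            elif not is_binary(full):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    for no, line in enumerate(fh, 1):
                        if any(k in line.lower() for k in KEYWORDS):
                            flagged.append((rel, no))  # keyword hit, may be benign
    return exposed, flagged

def exit_code(exposed, flagged):
    return 1 if exposed or flagged else 0    # non-zero fails a CI step

if __name__ == "__main__":
    sys.exit(exit_code(*scan(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Because the line check is a plain keyword match, a comment such as `# ask the user for a password` is reported just like a real credential, which is the false-positive behaviour the post describes.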
Location: Davis, CA
Remote: Yes
Willing to relocate: Yes
Technologies: Ruby on Rails, React, Python (Pandas, TensorFlow), Flask, C, Java, Git, Docker, Capybara, Selenium, MATLAB
Résumé/CV: https://lili113.typeform.com/to/PTnaKv
Email: https://lili113.typeform.com/to/PTnaKv
I'm a 4th year Computer Science student at UC Davis and I'm graduating in December 2017. I'm looking for an entry-level software engineering position (starting in January/February 2018).
Hi, I built this site to show how companies (mostly in tech) got their first users / how they got viral. Hopefully, people will get some new inspiration on how to get new users based on what has been done in the past :).
This is some great information - however clicking Back after reading some info scrolls the homepage back to the top. The categorization into separate categories is probably not too useful at this point - it might make more sense to just have a single page with all the companies and their strategies listed.
Anyway, great idea for a site - maybe you could add a post to Twitter or Facebook button to help spread it around.
Thanks! I will try to trim down the unnecessary categorization. I have also added a share button as you have mentioned (only on Twitter to start with) :). I will definitely add more share buttons.
I like the clean uncluttered design of the site. You could find some founders to interview a la https://www.indiehackers.com/ to get more detailed information on the early stages of a startup.
It would be nice if the site worked without javascript as well.
Thank you! And thanks for the link to indiehackers. I could find some company information there that I could not find before (e.g. Sidekiq and Shogun). I will definitely add more content very soon.
Will try to find a workaround regarding the javascript too.
truffleHog also provides a sophisticated approach to detecting potential secret strings.
Thank you for the feedback! :)