• Stars
    star
    122
  • Rank 292,031 (Top 6 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 11 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy

Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions designed to detect things such as accidental SCM diff checkins, or passwords or secret keys hard coded into files.

While this is primarily aimed at open source projects (for whom a publicly available secret key is pretty dangerous), it can also be used in private projects, with the caveat that it will point out things which are not a problem for private projects and is not configurable enough currently to change that.

Another note - this tool is probably best run pre-commit, since it will hopefully prevent dodgy things being checked in. To automatically execute before a commit use a git pre-commit hook

Status

Latest Version Build Status Code Health Coverage Status

This is a very early version with minimal functionality right now, but will be improved over time.

It was written as one of several tools for landscape.io, a code metrics and repository analyser for Python. As such, the features will mostly reflect the needs of Landscape in the early stages.