Skip to content

Commit 1a05f38

Browse files
committed
Add ignore system, packaging, and rule documentation
Introduces IgnoreManager for file exclusion via .oaignore, updates scanners to respect ignored files and directories, and adds rule documentation. Refactors ScanContext, improves CLI UX, and enhances console reporting with confidence levels. Adds packaging files (pyproject.toml, MANIFEST.in), rule system documentation, and prepares the project for distribution.
1 parent 608029e commit 1a05f38

23 files changed

Lines changed: 422 additions & 17 deletions

.oaignore

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
# OpenAuditKit Ignore File
2+
node_modules/
3+
__pycache__/
4+
*.pyc
5+
.git/
6+
.svn/
7+
.hg/
8+
dist/
9+
build/
10+
coverage/
11+
.tox/
12+
.venv/
13+
env/
14+
venv/
15+
tests/fixtures/
16+
*.log

MANIFEST.in

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
include openaudit/rules/*.yaml
2+
include README.md
3+
include requirements.txt
4+
include LICENSE

README.md

Lines changed: 44 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,15 +7,58 @@ OpenAuditKit is an open-source CLI security audit tool designed to scan your cod
77
- **Config Scanning**: Identifies misconfigurations in deployment files (e.g., .env, Dockerfile).
88
- **Secure**: Secrets are masked in outputs; offline-first design.
99
- **Backend Ready**: Feature-based architecture with Pydantic models for easy integration into dashboards or APIs.
10+
- **Customizable**: Add your own rules! See [Rule Documentation](rules/README.md).
11+
12+
## 🛡️ Why OpenAuditKit?
13+
14+
Often, security tools are either too simple (grep) or too complex (enterprise SAST). OpenAuditKit bridges the gap:
15+
16+
| Feature | OpenAuditKit | Gitleaks | TruffleHog |
17+
| :--- | :---: | :---: | :---: |
18+
| **Secret Scanning** ||||
19+
| **Config Scanning** ||||
20+
| **Offline First** ||| ❌ (Often requires API) |
21+
| **Custom Rules** | ✅ (YAML) | ✅ (TOML) | ✅ (Detectors) |
22+
| **Backend Integration** | ✅ (Pydantic Models) |||
23+
| **Configuration Check** | ✅ (.env, Docker) |||
24+
25+
### Security Philosophy
26+
1. **Offline First**: No data leaves your machine. Your code is yours.
27+
2. **Confidence > Noise**: We use entropy checks and specific regexes to minimize false positives.
28+
3. **Actionable**: Every finding comes with a remediation step.
1029

1130
## Installation
1231
```bash
13-
pip install -r requirements.txt
32+
# From PyPI (Coming Real Soon!)
33+
pip install openaudit
34+
35+
# Or from source
36+
git clone https://github.com/StartUp-Agency/OpenAuditKit.git
37+
cd OpenAuditKit
38+
pip install .
1439
```
1540

1641
## Usage
1742
```bash
43+
# Basic Scan
1844
python -m openaudit.main .
45+
46+
# With specific rules
47+
python -m openaudit.main . --rules-path ./my-rules
48+
49+
# JSON Output
50+
python -m openaudit.main . --format json --output report.json
51+
```
52+
53+
**Ignoring Files:**
54+
Create a `.oaignore` or `.openauditignore` file in your root directory to exclude files/folders from the scan (uses .gitignore syntax).
55+
56+
Example `.oaignore`:
57+
```text
58+
node_modules/
59+
dist/
60+
tests/
61+
*.log
1962
```
2063

2164
## 🚀 CI/CD Integration
8.52 KB
Binary file not shown.

dist/openaudit-0.1.0.tar.gz

10.2 KB
Binary file not shown.

memory_bank.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,8 +44,11 @@ We adopted a **Feature-Based Architecture** to ensure scalability and ease of fu
4444
- [x] CI Mode & Exit Codes Implemented
4545
- [x] Manual Verification (Verified CI flags and Exit Codes)
4646
- [x] Test Suite Implemented (Core, Secrets, Config, CI Coverage > 90%)
47+
- [x] Rule System v2 Upgrade (Confidence field, Validation, Community Docs)
48+
- [x] Developer Experience (DX) Improvements (Ignore System, README Polish, CLI UX)
49+
- [x] Release & Distribution (Packaging, pyproject.toml, Entry Points)
4750

4851
## 🔮 Next Steps
49-
- Implement `IgnoreMechanism` (e.g. .oaignore or inline comments).
50-
- Add unit tests (PyTest).
51-
- Package for PyPI distribution.
52+
- Implement Inline Comments Support (e.g., `# openaudit:ignore`).
53+
- Plugin System for third-party scanners.
54+
- Dashboard Integration / HTML Report.

openaudit.egg-info/PKG-INFO

Lines changed: 112 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,112 @@
1+
Metadata-Version: 2.4
2+
Name: openaudit
3+
Version: 0.1.0
4+
Summary: Offline-first security audit tool (secrets & config scanning) for local codebases.
5+
Author-email: OpenAuditKit Team <info@openauditkit.org>
6+
License: MIT
7+
Classifier: Programming Language :: Python :: 3
8+
Classifier: License :: OSI Approved :: MIT License
9+
Classifier: Operating System :: OS Independent
10+
Requires-Python: >=3.9
11+
Description-Content-Type: text/markdown
12+
License-File: LICENSE
13+
Requires-Dist: typer>=0.9.0
14+
Requires-Dist: pyyaml>=6.0
15+
Requires-Dist: rich>=13.0.0
16+
Requires-Dist: pydantic>=2.0.0
17+
Requires-Dist: pathspec>=0.11.0
18+
Dynamic: license-file
19+
20+
# OpenAuditKit
21+
22+
OpenAuditKit is an open-source CLI security audit tool designed to scan your codebase for secrets and configuration vulnerabilities. It emphasizes offline capability, modular design, and secure handling of sensitive data (secret masking).
23+
24+
## Features
25+
- **Secret Scanning**: Detects API keys and secrets using regex and entropy checks.
26+
- **Config Scanning**: Identifies misconfigurations in deployment files (e.g., .env, Dockerfile).
27+
- **Secure**: Secrets are masked in outputs; offline-first design.
28+
- **Backend Ready**: Feature-based architecture with Pydantic models for easy integration into dashboards or APIs.
29+
- **Customizable**: Add your own rules! See [Rule Documentation](rules/README.md).
30+
31+
## 🛡️ Why OpenAuditKit?
32+
33+
Often, security tools are either too simple (grep) or too complex (enterprise SAST). OpenAuditKit bridges the gap:
34+
35+
| Feature | OpenAuditKit | Gitleaks | TruffleHog |
36+
| :--- | :---: | :---: | :---: |
37+
| **Secret Scanning** | ✅ | ✅ | ✅ |
38+
| **Config Scanning** | ✅ | ❌ | ❌ |
39+
| **Offline First** | ✅ | ✅ | ❌ (Often requires API) |
40+
| **Custom Rules** | ✅ (YAML) | ✅ (TOML) | ✅ (Detectors) |
41+
| **Backend Integration** | ✅ (Pydantic Models) | ❌ | ❌ |
42+
| **Configuration Check** | ✅ (.env, Docker) | ❌ | ❌ |
43+
44+
### Security Philosophy
45+
1. **Offline First**: No data leaves your machine. Your code is yours.
46+
2. **Confidence > Noise**: We use entropy checks and specific regexes to minimize false positives.
47+
3. **Actionable**: Every finding comes with a remediation step.
48+
49+
## Installation
50+
```bash
51+
pip install -r requirements.txt
52+
```
53+
54+
## Usage
55+
```bash
56+
# Basic Scan
57+
python -m openaudit.main .
58+
59+
# With specific rules
60+
python -m openaudit.main . --rules-path ./my-rules
61+
62+
# JSON Output
63+
python -m openaudit.main . --format json --output report.json
64+
```
65+
66+
**Ignoring Files:**
67+
Create a `.oaignore` or `.openauditignore` file in your root directory to exclude files/folders from the scan (uses .gitignore syntax).
68+
69+
Example `.oaignore`:
70+
```text
71+
node_modules/
72+
dist/
73+
tests/
74+
*.log
75+
```
76+
77+
## 🚀 CI/CD Integration
78+
79+
OpenAuditKit is designed to run in CI/CD pipelines. Use the `--ci` flag to enable CI mode (exit code 1 on failure, no interactive elements).
80+
81+
### GitHub Actions Example
82+
83+
Create `.github/workflows/audit.yml`:
84+
85+
```yaml
86+
name: Security Audit
87+
on: [push, pull_request]
88+
89+
jobs:
90+
openaudit:
91+
runs-on: ubuntu-latest
92+
steps:
93+
- uses: actions/checkout@v3
94+
- uses: actions/setup-python@v4
95+
with:
96+
python-version: '3.10'
97+
- run: pip install openaudit
98+
- run: openaudit . --ci --fail-on high
99+
```
100+
101+
### Exit Codes
102+
- `0`: No issues found (or issues below threshold).
103+
- `1`: Issues found matching or exceeding severity threshold.
104+
105+
## 🛠 Development & Testing
106+
107+
Run the test suite with coverage:
108+
```bash
109+
python -m pytest tests --cov=openaudit
110+
```
111+
112+
We enforce a 90% test coverage threshold.

openaudit.egg-info/SOURCES.txt

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
LICENSE
2+
MANIFEST.in
3+
README.md
4+
pyproject.toml
5+
requirements.txt
6+
openaudit/__init__.py
7+
openaudit/main.py
8+
openaudit.egg-info/PKG-INFO
9+
openaudit.egg-info/SOURCES.txt
10+
openaudit.egg-info/dependency_links.txt
11+
openaudit.egg-info/entry_points.txt
12+
openaudit.egg-info/requires.txt
13+
openaudit.egg-info/top_level.txt
14+
openaudit/rules/config.yaml
15+
openaudit/rules/secrets.yaml
16+
tests/test_config_scanner.py
17+
tests/test_core.py
18+
tests/test_secret_scanner.py
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
[console_scripts]
2+
openaudit = openaudit.main:main

0 commit comments

Comments
 (0)