Scan any GitHub repo for security nightmares in 30 seconds.
Features • Quick Start • Scanners • Report Card • Badge • Contributing
ShieldMyRepo is an open-source CLI tool that scans a code repository for security vulnerabilities, misconfigurations, and leaked secrets, then grades it from A to F and produces a shareable badge for your README.
Think of it as a security health check for your codebase.
```text
$ shieldmyrepo scan .

🛡️  ShieldMyRepo - Security Report Card
========================================

📊 Overall Grade: B

┌──────────────────────────┬───────────┬──────────┐
│ Scanner                  │ Status    │ Findings │
├──────────────────────────┼───────────┼──────────┤
│ 🔐 Secret Detection      │ ✅ PASS   │ 0        │
│ 📦 Dependencies          │ ⚠️ WARN   │ 3        │
│ ⚙️ GitHub Actions        │ ✅ PASS   │ 0        │
│ 🐳 Dockerfile            │ ❌ FAIL   │ 2        │
│ 🔒 Gitignore             │ ⚠️ WARN   │ 1        │
└──────────────────────────┴───────────┴──────────┘

📄 Details: reports/shieldmyrepo-report.json
🏷️ Badge:   reports/shieldmyrepo-badge.svg
```

## Features

- 🔐 Secret Detection: finds leaked API keys, tokens, passwords, and private keys in your code
- 📦 Dependency Scanning: checks `package.json`, `requirements.txt`, `Cargo.toml`, and `go.mod` for known vulnerabilities
- ⚙️ GitHub Actions Audit: detects insecure workflow configurations and supply-chain risks
- 🐳 Dockerfile Security: flags images that run as root, unpinned base images, and secrets passed through build args
- 🔒 Gitignore Check: ensures sensitive files aren't being committed
- 📊 A-F Grade Report Card: clear terminal output with actionable recommendations
- 🏷️ Shareable Badge: generates an SVG badge showing your repo's security grade in your README
- 🔌 Plugin Architecture: easy to add new scanners (great for contributors!)
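To make the secret-detection feature concrete, here is an added example written for this page (it is not the project's `scanners/secrets.py`): a rule table of regexes for prefix-style tokens, URLs with embedded credentials and private key headers, plus a generic "looks like a credential assignment" rule that is filtered through placeholder and entropy heuristics so that `${VAR}` templates and documentation values are not reported. The rule ids, severities, the 3.0-bit entropy threshold and the sample config file are all assumptions made up for the example; the sample contains no real credentials.

```python
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Constructed sample input (no real credentials): two prefix-style tokens, a URL
# with embedded credentials, a private key header, and two placeholder-style
# values that a useful scanner must NOT report.
SAMPLE_SOURCE = "\n".join([
    "# settings.py",
    'AWS_ACCESS_KEY_ID = "AKIAQ7T3XJ2LMN8PV4WZ"',
    'DATABASE_URL = "postgres://app:s3cr3t-pa55w0rd@db.internal:5432/app"',
    'GITHUB_TOKEN = "ghp_' + "A1b2C3d4E5f6" * 3 + '"',
    'API_KEY = "${API_KEY}"',
    'PASSWORD = "changeme"',
    "-----BEGIN RSA PRIVATE KEY-----",
])


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    severity: str
    excerpt: str  # redacted, so the report itself never leaks the secret


# Hypothetical rule table: (rule id, severity, regex, capture group that holds the
# secret value or 0 for the whole match, high-confidence flag). Vendor-prefixed
# tokens are high confidence; the generic assignment rule is not, so its matches
# also go through the entropy check. Adding a pattern means appending one tuple.
PATTERNS = [
    ("aws-access-key-id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), 0, True),
    ("github-token", "high", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"), 0, True),
    ("private-key-header", "critical",
     re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"), 0, True),
    ("url-with-credentials", "high",
     re.compile(r"\b[a-z][a-z0-9+.\-]*://[^\s:/@]+:([^\s@/]+)@"), 1, True),
    ("generic-credential-assignment", "medium",
     re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{8,})['\"]"),
     1, False),
]

# Words that mark documentation values rather than live secrets. This also
# suppresses AWS's documented example key, which ends in "EXAMPLE".
PLACEHOLDER_WORDS = ("example", "changeme", "placeholder", "your_", "xxxx")


def shannon_entropy(value: str) -> float:
    """Bits per character: random tokens score around 4 or more, English words 2 to 3."""
    n = len(value)
    if n == 0:
        return 0.0
    return -sum(value.count(c) / n * math.log2(value.count(c) / n) for c in set(value))


def looks_like_placeholder(value: str, check_entropy: bool) -> bool:
    """Template syntax, documentation words, or (for weak rules only) low entropy."""
    lowered = value.lower()
    if lowered.startswith(("${", "{{", "<")) or lowered.endswith(("}", ">")):
        return True
    if any(word in lowered for word in PLACEHOLDER_WORDS):
        return True
    return check_entropy and shannon_entropy(value) < 3.0


def redact(value: str) -> str:
    """Keep a 4-character prefix for triage and mask the rest."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_text(text: str) -> list[Finding]:
    """Run every rule over every line; at most one finding per (line, rule)."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, severity, regex, group, high_confidence in PATTERNS:
            match = regex.search(line)
            if match is None:
                continue
            value = match.group(group)
            if looks_like_placeholder(value, check_entropy=not high_confidence):
                continue
            findings.append(Finding(lineno, rule, severity, redact(value)))
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line}: [{f.severity}] {f.rule} -> {f.excerpt}")
```

Run on the constructed sample, this reports the AWS key, the database URL, the GitHub token and the private key header, and stays silent on the `${API_KEY}` template and the `changeme` placeholder. The entropy filter is deliberately applied only to the low-confidence generic rule: a well-formed `ghp_` token can have low character entropy and would otherwise be suppressed.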
## Quick Start

```bash
# Clone the repository
git clone https://github.com/DhanushNehru/ShieldMyRepo.git
cd ShieldMyRepo

# Install in development mode
pip install -e .
```

```bash
# Scan the current directory
shieldmyrepo scan .

# Scan a specific path
shieldmyrepo scan /path/to/your/project

# Scan and generate a badge
shieldmyrepo scan . --badge

# Output the report as JSON
shieldmyrepo scan . --format json

# Run only specific scanners
shieldmyrepo scan . --scanners secrets,dockerfile
```

## Scanners

ShieldMyRepo uses a modular plugin architecture. Each scanner is a self-contained Python module that can be added or modified independently.
| Scanner | Description | File |
|---|---|---|
| 🔐 Secrets | Detects leaked API keys, tokens, and passwords | `scanners/secrets.py` |
| 📦 Dependencies | Checks package files for known vulnerabilities | `scanners/dependencies.py` |
| ⚙️ GitHub Actions | Audits workflow security configurations | `scanners/github_actions.py` |
| 🐳 Dockerfile | Analyzes Docker security best practices | `scanners/dockerfile.py` |
| 🔒 Gitignore | Validates gitignore coverage | `scanners/gitignore.py` |

Check out our Contributing Guide: adding a scanner is one of the easiest ways to contribute, since each scanner is a single Python file that follows a simple interface.
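As an added example of what a single-file scanner plugin can look like (written for this page; it is not the project's `scanners/dockerfile.py`, and the project's real base class, `Finding` type and plugin interface are not shown here, so the `name` attribute, `scan(root)` and `check(text)` methods are assumed), the following implements the three Dockerfile checks the feature list names: running as root, unpinned base images, and secrets passed through build args. It goes a little beyond the feature description in that it handles backslash continuations, multi-stage builds (a `FROM` that references an earlier stage alias is not an external image, and each stage resets the user to root), registry hostnames with ports, and digest-pinned images. The sample Dockerfiles are constructed for the example.

```python
from __future__ import annotations

import re
import shlex
from collections import namedtuple
from pathlib import Path

Finding = namedtuple("Finding", "rule severity line message")

# Variable names that suggest a credential in ARG/ENV (assumed list).
SECRET_NAME = re.compile(r"(?i)secret|token|passw(?:or)?d|api[_-]?key|private[_-]?key")


def parse_dockerfile(text: str) -> list[tuple[int, str, str]]:
    """(line, INSTRUCTION, args) triples; continuations joined, comments dropped as Docker does."""
    out, buf, start = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else lineno
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        head, _, rest = " ".join(buf).partition(" ")
        out.append((start, head.upper(), rest.strip()))
        buf = []
    return out


def declared_names(instr: str, args: str) -> list[str]:
    """Names declared by ARG NAME[=v], ENV K=V [K2=V2 ...] or legacy ENV K V."""
    tokens = shlex.split(args)
    if instr == "ARG" or "=" not in tokens[0]:
        return [tokens[0].split("=", 1)[0]]
    return [t.split("=", 1)[0] for t in tokens if "=" in t]


class DockerfileScanner:
    """Assumed plugin shape (the project's real base class is not shown on the page)."""
    name = "dockerfile"  # the id used by --scanners

    def scan(self, root: Path) -> list[Finding]:
        findings: list[Finding] = []
        for path in sorted(root.rglob("Dockerfile*")):
            findings.extend(self.check(path.read_text(encoding="utf-8")))
        return findings

    @staticmethod
    def check(text: str) -> list[Finding]:
        findings: list[Finding] = []
        aliases: list[str] = []  # stage names from `FROM ... AS name`
        last_user, last_from = None, None
        for line, instr, args in parse_dockerfile(text):
            if instr == "FROM":
                last_user, last_from = None, line  # every stage starts as root again
                tokens = [t for t in args.split() if not t.startswith("--")]  # skip --platform
                image = tokens[0]
                if len(tokens) >= 3 and tokens[1].upper() == "AS":
                    aliases.append(tokens[2])
                if image in aliases or image == "scratch" or "@sha256:" in image:
                    continue  # earlier stage, empty image or digest-pinned: nothing to flag
                _, sep, tag = image.rpartition(":")
                untagged = not sep or "/" in tag  # a colon before "/" is a registry port, not a tag
                if untagged or tag == "latest":
                    findings.append(Finding("unpinned-base-image", "medium", line,
                                            f"{image}: {'no tag' if untagged else 'floating latest tag'}; pin a version, ideally a digest"))
            elif instr == "USER":
                last_user = args.split(":")[0].strip()
            elif instr in ("ARG", "ENV"):
                for name in declared_names(instr, args):
                    if SECRET_NAME.search(name):
                        rule = "secret-in-build-arg" if instr == "ARG" else "secret-in-env"
                        findings.append(Finding(rule, "high", line,
                                                f"{instr} {name} is recorded in image metadata; use a BuildKit secret mount"))
        if last_from is not None and last_user in (None, "root", "0"):
            findings.append(Finding("runs-as-root", "high", last_from,
                                    "final stage never switches to a non-root USER"))
        return findings


# Constructed sample inputs: the first trips every check, the second passes cleanly.
INSECURE_DOCKERFILE = """\
FROM python:latest
ARG GITHUB_TOKEN
ENV API_KEY=abc123 \\
    DEBUG=false
COPY . /app
CMD ["python", "/app/main.py"]
"""

HARDENED_DOCKERFILE = """\
FROM python:3.12-slim AS build
RUN pip install --no-cache-dir --target /deps requests
FROM python:3.12-slim
COPY --from=build /deps /deps
RUN useradd --system --uid 10001 app
USER app
CMD ["python", "-m", "app"]
"""
```

`DockerfileScanner().check(INSECURE_DOCKERFILE)` yields four findings (unpinned `latest` tag, `ARG GITHUB_TOKEN`, `ENV API_KEY`, and no non-root `USER`), while the hardened file yields none. Only the last stage's `USER` matters, because that is the image that actually ships; the build stage may run as root without affecting the result.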
## Report Card

ShieldMyRepo generates a report card with:

- Overall Grade (A-F) based on weighted scanner results
- Per-scanner status (PASS / WARN / FAIL)
- Finding count with severity levels
- Actionable recommendations for each finding
- JSON export for CI/CD integration

| Grade | Score Range | Description |
|---|---|---|
| A | 90-100 | Excellent: minimal security concerns |
| B | 80-89 | Good: a few minor issues |
| C | 70-79 | Fair: some issues need attention |
| D | 60-69 | Poor: significant security gaps |
| F | 0-59 | Critical: immediate action required |
## Badge

Add a security grade badge to your project's README: run `shieldmyrepo scan . --badge` to generate an SVG badge in the `reports/` directory (`reports/shieldmyrepo-badge.svg`).
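The README states that the grade is derived from weighted scanner results but does not publish the weights. The following is an added example (not the project's grading or badge code) of one way to do it: each scanner owns a share of a 100-point score, each finding removes a severity-dependent percentage of that share, the total is mapped onto the grade bands from the table above, and the grade is rendered as a small shields-style SVG badge. The scanner weights, severity penalties, the PASS/WARN/FAIL rule, the badge colours and the sample findings are all assumptions; the sample findings were chosen so that the result reproduces the report card shown at the top of this page.

```python
from __future__ import annotations

from dataclasses import dataclass

# Assumed weighting (the README does not publish the real weights): each scanner's
# share of the 100-point score, and how many percent of that share one finding of
# each severity removes. Penalties are capped, so a single critical finding zeroes
# the scanner's share.
SCANNER_WEIGHTS = {"secrets": 30, "dependencies": 25, "github_actions": 15,
                   "dockerfile": 15, "gitignore": 15}
SEVERITY_PENALTY = {"critical": 100, "high": 40, "medium": 15, "low": 5}

# Grade bands exactly as in the grade table above; badge colours are assumed.
GRADE_BANDS = [(90, "A"), (80, "B"), (70, "C"), (60, "D"), (0, "F")]
BADGE_COLORS = {"A": "#4c1", "B": "#97ca00", "C": "#dfb317", "D": "#fe7d37", "F": "#e05d44"}


@dataclass(frozen=True)
class ScannerRow:
    scanner: str
    status: str    # PASS / WARN / FAIL
    findings: int
    points: float  # out of SCANNER_WEIGHTS[scanner]


@dataclass(frozen=True)
class ReportCard:
    score: float
    grade: str
    rows: tuple[ScannerRow, ...]


def scanner_status(severities: list[str]) -> str:
    """PASS with no findings, FAIL if anything is high or critical, otherwise WARN."""
    if not severities:
        return "PASS"
    return "FAIL" if any(s in ("critical", "high") for s in severities) else "WARN"


def scanner_points(weight: int, severities: list[str]) -> float:
    penalty = min(100, sum(SEVERITY_PENALTY[s] for s in severities))
    return weight * (100 - penalty) / 100


def letter_grade(score: float) -> str:
    return next(letter for floor, letter in GRADE_BANDS if score >= floor)


def grade_repository(results: dict[str, list[str]]) -> ReportCard:
    """results maps scanner name -> severities of its findings; a scanner that is
    missing from the mapping counts as PASS."""
    rows = []
    for scanner, weight in SCANNER_WEIGHTS.items():
        sev = results.get(scanner, [])
        rows.append(ScannerRow(scanner, scanner_status(sev), len(sev), scanner_points(weight, sev)))
    score = round(sum(r.points for r in rows), 2)
    return ReportCard(score, letter_grade(score), tuple(rows))


def badge_svg(grade: str, label: str = "security") -> str:
    """Minimal shields.io-style badge: grey label panel, grade panel coloured by band."""
    return (
        '<svg xmlns="http://www.w3.org/2000/svg" width="84" height="20" role="img" '
        'aria-label="{l}: {g}"><rect width="60" height="20" fill="#555"/>'
        '<rect x="60" width="24" height="20" fill="{c}"/>'
        '<g fill="#fff" font-family="Verdana,sans-serif" font-size="11" text-anchor="middle">'
        '<text x="30" y="14">{l}</text><text x="72" y="14">{g}</text></g></svg>'
    ).format(l=label, g=grade, c=BADGE_COLORS[grade])


# Constructed finding severities chosen to reproduce the sample report above.
SAMPLE_RESULTS = {
    "secrets": [],
    "dependencies": ["medium", "medium", "low"],
    "github_actions": [],
    "dockerfile": ["high", "medium"],
    "gitignore": ["low"],
}

if __name__ == "__main__":
    card = grade_repository(SAMPLE_RESULTS)
    for row in card.rows:
        print(f"{row.scanner:15} {row.status:5} {row.findings:>3} findings  {row.points:>6.2f} pts")
    print(f"score {card.score} -> grade {card.grade}")
```

With these weights the sample scores 82.25 and lands in the B band, with the same PASS/WARN/FAIL pattern as the report card above. Note the two design decisions a real grading algorithm has to make explicit: a critical finding in any scanner caps that scanner at zero rather than merely subtracting points, and the band boundaries are floors, so 89.99 is a B, not an A.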
## Tech Stack

- Python 3.8+: core CLI and scanner engine
- Click: CLI framework
- Rich: terminal output
- PyYAML: YAML parsing for workflows and configs
## Contributing

We love contributions! ShieldMyRepo is designed to be contributor-friendly:

- 🟢 Easy: add a new secret detection pattern
- 🟡 Medium: build a new scanner module
- 🔴 Hard: improve the grading algorithm

Check out our Contributing Guide to get started. Look for issues tagged `good first issue` or `help wanted`.

## License

This project is licensed under the MIT License. See the LICENSE file for details.
If you find ShieldMyRepo useful, please consider giving it a star! It helps others discover the project.
Made with ❤️ by Dhanush Nehru
