Git plugin that prevents sensitive data from being committed.
Clone or download

Git Hound

Travis Code Climate GoDoc

Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions.

How does it work?

Upon commit, it runs the output of git diff -U0 --staged through the Hound, which matches every added or modified line against your provided list of regular expressions from a local .githound.yml file.


To install Hound, please use go get. If you don't have Go installed, get it here. If you would like to grab a precompiled binary, head over to the releases page. The precompiled Hound binaries have no external dependencies.

go get


To compile for your operating system, simply run the following from the root of the project directory:

go install

To compile for all platforms using gox, run the following:



git-hound [<opts>] commit [...]
git-hound [<opts>] sniff [<commit>]


Sniff changes before committing.

# Sniff changes since last commit and pass to git-commit when clean
git hound commit …


You can optionally pass a commit hash or manually pipe a diff for the Hound to sniff.

# Sniff changes since last commit
git hound sniff HEAD

# Sniff entire codebase
git hound sniff

# Sniff entire repo history
git log -p | git hound sniff

Option flags

Flag Type Default Usage
-no-color bool false Disable color output
-config=file string .githound.yml Hound config file
-bin=file string git Executable binary to use for git command

Example .githound.yml

# Output warning on match but continue
  - '(?i)user(name)?\W*[:=,]\W*.+$'
  - '\/Users\/\w+\/'
# Fail immediately upon match
  - '[''"](?!.*[\s])(?=.*[A-Za-z])(?=.*[0-9])(?=.*[!@#$&*])?.{16,}[''"]'
  - '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$'
  - '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
  - '\.example$'
  - '\.sample$'