Security baseline for your project. One command, you're set.
You're shipping fast. Security? "We'll add it later."
Later never comes. Then some bot finds your AWS keys on GitHub at 3am.
```bash
pip install bootsec
bootsec go
```

That's it. 60 seconds. Done.
You now have:
- `.gitignore` that actually blocks secrets
- `SECURITY.md` so people can report vulns
- `docs/security-checklist.md` for pre-launch
- `.pre-commit-config.yaml` that catches mistakes before you commit
No config files. No 200-page docs. No BS.
| Command | What it does |
|---|---|
| `bootsec go` | Setup everything |
| `bootsec guard` | Pre-commit check (<1 sec) |
| `bootsec peek` | Preview before applying |
| `bootsec packs` | See available packs |
- Scans your repo (Node? Python? Flutter? We got you)
- Generates security docs for your stack
- Guards your commits so you don't push secrets
- Merges with your existing files (never overwrites)
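What a commit guard of this kind checks, as an added example that is not bootsec's own code: it reads a staged unified diff and reports secret-looking strings on added lines only. The function name, the two rules and the sample diff are assumptions made for illustration; bootsec's actual rule set is not shown on this page.

```python
import re

# Illustrative rules (assumption, not bootsec's pattern set).
PATTERNS = {
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private-key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


def scan_staged_diff(diff_text):
    """Return (path, new_line_no, rule) for each added line that matches a rule."""
    findings, path, line_no, old_left, new_left = [], None, 0, 0, 0
    for line in diff_text.splitlines():
        # Hunk sizes are counted down so that an added line whose content
        # starts with "++ " is not mistaken for a "+++ " file header.
        if old_left > 0 or new_left > 0:
            if line.startswith("+"):
                findings += [(path, line_no, rule)
                             for rule, rx in PATTERNS.items() if rx.search(line[1:])]
                line_no, new_left = line_no + 1, new_left - 1
            elif line.startswith("-"):       # removing a secret never blocks a commit
                old_left -= 1
            elif not line.startswith("\\"):  # context; skip "\ No newline ..." markers
                line_no, old_left, new_left = line_no + 1, old_left - 1, new_left - 1
        elif line.startswith("+++ "):        # new-side file header
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif m := HUNK.match(line):
            old_left = int(m.group(1) or 1)
            line_no = int(m.group(2))
            new_left = int(m.group(3) or 1)
    return findings


# Constructed sample diff; the key is AWS's published documentation example value.
SAMPLE_DIFF = """\
diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,2 +10,2 @@
 REGION = "eu-west-1"
-AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+(constructed placeholder, no key material)
"""

if __name__ == "__main__":
    print(scan_staged_diff(SAMPLE_DIFF))
```

In a real hook the input would be the output of `git diff --cached`, and a non-empty result would exit non-zero to stop the commit.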
| File | Why |
|---|---|
| `.gitignore` | Blocks secrets, build junk |
| `.env.example` | Template for env vars |
| `SECURITY.md` | Vuln reporting |
| `docs/security-checklist.md` | Pre-launch checklist |
| `.pre-commit-config.yaml` | Commit guard |
```bash
bootsec go          # basic setup
bootsec go --ci     # + GitHub Actions
bootsec peek        # just preview, no changes
```

- Merge, don't overwrite
- No network calls
- Pure Python, zero deps
- Fast. Like, actually fast.
Bootsec Pro unlocks the good stuff:
| Command | What it does |
|---|---|
| `bootsec check` | Security audit with score (0-100) |
| `bootsec scan` | Find vulnerable deps |
| `bootsec deps` | Audit npm/pip/cargo/go/ruby/php |
| `bootsec sbom` | Generate SBOM |
| `bootsec ai` | AI fix suggestions |
Plus: 85+ secret patterns, Docker/K8s checks, supply chain security.
- Python 3.10+
- Git
MIT
Code audited by my buddy Claude. He finds bugs at 3am without complaining. Truly built different.