Metadata-Version: 2.4
Name: checsum
Version: 0.1.4
Summary: Scan repositories for potential usernames, passwords, tokens, and other secrets.
Author: Sriram Sreedhar
License-Expression: Apache-2.0
Project-URL: Homepage, https://github.com/sriramsreedhar/Checksum-PIP-PACKAGE
Project-URL: Issues, https://github.com/sriramsreedhar/Checksum-PIP-PACKAGE/blob/main/issues/issues.md
Keywords: security,secrets,scanner,git,pre-push
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: license-file

# checsum

`checsum` scans your project for potential secrets before code is pushed to Git.
It detects common patterns such as usernames, passwords, API tokens, private keys,
and authorization headers, then generates a full HTML report with:

- file name
- exact location (line and column)
- finding type
- matched value (or preview)

## Install

```bash
pip install checsum
```



## Usage

Scan the current directory and create an HTML report:

```bash
checsum --path . --output checsum-report.html
```

Fail CI if possible secrets are found:

```bash
checsum --path . --fail-on-findings
```

Ignore additional globs:

```bash
checsum --path . --ignore "*.pem" --ignore "docs/*"
```

## Example Output

The report includes:

- scan timestamp
- root path scanned
- total files and findings
- grouped breakdown by finding type
- detailed table of each hit with path, line, column, severity, and extracted snippet

## Use as a pre-push safety check

Create `.git/hooks/pre-push`:

```bash
#!/usr/bin/env bash
set -euo pipefail
checsum --path . --output checsum-report.html --fail-on-findings
```

Then make it executable:

```bash
chmod +x .git/hooks/pre-push
```


## Notes

`checsum` is a heuristic scanner. It can produce false positives and should be used
as an early warning signal, not a replacement for secret management best practices.
