Metadata-Version: 2.4
Name: compliance-scanner
Version: 1.0.0
Summary: Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
Author: Naufal
License: MIT
Project-URL: Homepage, https://github.com/naufal/compliance-scanner
Project-URL: Repository, https://github.com/naufal/compliance-scanner
Project-URL: Issues, https://github.com/naufal/compliance-scanner/issues
Keywords: security,compliance,secrets,scanner,credentials,api-keys
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Dynamic: license-file

# compliance-scanner

Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.

## Installation

```bash
# From PyPI (when published)
pip install compliance-scanner

# From source
git clone https://github.com/naufal/compliance-scanner.git
cd compliance-scanner
pip install .
```

## Usage

```bash
# Scan current directory
compliance-scanner .

# Scan specific path
compliance-scanner /path/to/project

# Local only (no online upload)
compliance-scanner . --no-upload

# JSON output
compliance-scanner . --json --output report.json

# Custom expiry for online report
compliance-scanner . --expiry 7

# Ignore additional directories
compliance-scanner . --ignore .env,.secrets

# Scan only Python files
compliance-scanner . --file-glob "*.py"

# Quiet mode
compliance-scanner . -q
```

## What It Detects

- High-entropy strings (potential API keys, tokens)
- Variable assignments with secrets (`API_KEY=...`, `SECRET=...`)
- JWT tokens (`eyJ...`)
- AWS access keys (`AKIA...`)
- GitHub tokens (`ghp_...`, `gho_...`, `ghs_...`)
- Slack tokens (`xoxb-...`, `xoxp-...`)
- Stripe keys (`sk_live_...`, `pk_live_...`)
- Google API keys (`AIza...`)
- Base64-encoded strings
- Generic long alphanumeric strings

## Output

### Terminal
```
============================================================
COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
============================================================

Scan root      : /path/to/project
Files scanned  : 42

STATUS: 3 POTENTIAL FINDINGS
Showing top 3 by score

Rank     : 1
Score    : 200
Variable : API_KEY
Value    : sk_live_abc123...
File     : /path/to/config.py
Line     : 15
------------------------------------------------------------
```

### Online Report
Reports are uploaded to [dpaste.org](https://dpaste.org) with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.

### JSON
```json
{
  "scan_root": "/path/to/project",
  "files_scanned": 42,
  "total_findings": 3,
  "status": "findings_detected",
  "findings": [...]
}
```

## Exit Codes

- `0` — Clean (no findings)
- `1` — Findings detected

Use in CI/CD:
```bash
compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"
```

## License

MIT
