git-repo-auditor

# Git Repository Auditor

## What This Does

A CLI tool to audit Git repositories for security issues, code quality problems, and repository health. Scan repositories for secrets, large files, sensitive data, and common security anti-patterns.

Key features:
- **Secrets detection**: Scan Git history for API keys, passwords, tokens, and other sensitive data using regex patterns
- **Large file detection**: Identify large files (>10MB) in repository history that may impact performance
- **Security anti-patterns**: Detect hardcoded credentials, insecure configuration files, and dangerous permissions
- **Repository health**: Check for merge conflicts, stale branches, and other repository hygiene issues
- **Compliance reporting**: Generate security compliance reports for audits and team reviews
- **Multiple output formats**: Human-readable, JSON, and CSV output for integration with other tools
- **Custom scanning**: Configure custom regex patterns and file extensions to scan
- **Historical analysis**: Scan entire Git history or specific time ranges
- **Remediation guidance**: Suggest fixes for identified security issues

## When To Use

- You need to audit a Git repository for security compliance
- You want to detect accidental commits of secrets or sensitive data
- You're preparing a repository for open-source release
- You need to identify performance issues (large files in history)
- You're onboarding new developers and want to ensure repository hygiene
- You need to generate security audit reports for compliance requirements
- You want to automate security scanning in CI/CD pipelines
- You're cleaning up old repositories and need to identify issues

## Usage

Basic commands:

```bash
# Scan current directory repository
python3 scripts/main.py scan .

# Scan specific repository path
python3 scripts/main.py scan /path/to/repo

# Scan with custom secrets patterns file
python3 scripts/main.py scan . --patterns custom-patterns.json

# Generate JSON report for automation
py...

# Git Repository Auditor

Audit Git repositories for security issues, large files, sensitive data, and repository health metrics.

## Features

- Scan Git history for secrets (API keys, passwords, tokens)
- Detect large files impacting repository performance
- Check repository health (stale branches, binary files, .gitignore)
- Multiple output formats (human-readable, JSON)
- No external dependencies (Git + Python 3 only)

## Quick Start

```bash
# Scan a repository for security issues
python3 scripts/main.py scan /path/to/repo

# Get repository health report
python3 scripts/main.py health /path/to/repo

# List all branches with commit info
python3 scripts/main.py branches /path/to/repo

# Output JSON for automation
python3 scripts/main.py scan /path/to/repo --json
```

## Installation

This skill requires:
- Git 2.20+ installed and in PATH
- Python 3.x

No additional Python packages required.

## Usage Examples

### Basic security scan
```bash
python3 scripts/main.py scan ~/projects/my-app
```

### Scan with custom large file threshold
```bash
python3 scripts/main.py scan . --threshold 50
```

### Generate JSON report for CI/CD
```bash
python3 scripts/main.py scan . --json > security-report.json
```

### Check repository health
```bash
python3 scripts/main.py health .
```

## Output

The tool provides color-coded output:
- 🔍 Scanning progress
- ⚠️  Security issues found
- 💾 Large files detected
- ✅ No issues found
- 📊 Health metrics

## Limitations

- Scanning large repositories may be slow
- Secrets detection uses regex patterns (may have false positives)
- Does not automatically remove secrets from history
- Requires local Git repository (cannot scan remote directly)

## License

This skill is part of the OpenClaw Skill Factory portfolio.