Skip to content

Git plugin that prevents sensitive data from being committed.

License

Notifications You must be signed in to change notification settings

ezekg/git-hound

Repository files navigation

Git Hound

Travis Code Climate GoDoc

Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions.

How does it work?

Upon commit, it runs the output of git diff -U0 --staged through the Hound, which matches every added or modified line against your provided list of regular expressions from a local .githound.yml file.

Installation

To install Hound, please use go get. If you don't have Go installed, get it here. If you would like to grab a precompiled binary, head over to the releases page. The precompiled Hound binaries have no external dependencies.

go get github.com/ezekg/git-hound

If you're on macOS, you can also install using Homebrew:

brew install git-hound

Compiling

To compile for your operating system, simply run the following from the root of the project directory:

go install

To compile for all platforms using gox, run the following:

gox

Usage

git-hound [<opts>] commit [...]
git-hound [<opts>] sniff [<commit>]

Commit

Sniff changes before committing.

# Sniff changes since last commit and pass to git-commit when clean
git hound commit …

Sniff

You can optionally pass a commit hash or manually pipe a diff for the Hound to sniff.

# Sniff changes since last commit
git hound sniff HEAD

# Sniff entire codebase
git hound sniff

# Sniff entire repo history
git log -p | git hound sniff

Option flags

Flag Type Default Usage
-no-color bool false Disable color output
-config=file string .githound.yml Hound config file
-bin=file string git Executable binary to use for git command

Example .githound.yml

# Output warning on match but continue
warn:
  - '(?i)user(name)?\W*[:=,]\W*.+$'
  - '\/Users\/\w+\/'
# Fail immediately upon match
fail:
  - '[''"](?!.*[\s])(?=.*[A-Za-z])(?=.*[0-9])(?=.*[!@#$&*])?.{16,}[''"]'
  - '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$'
  - '(?i)pass(word)?\W*[:=,]\W*.+$'
# Skip on matched filename
skip:
  - '\.example$'
  - '\.sample$'