risk-scanner

AakilAhamed/risk-scanner


Compliance Security MCP server is designed for regulatory checks and monitoring, ensuring adherence to compliance standards.

Risk Scanner

A compliance and security scanner that detects secrets, tokens, and insecure code patterns in GitHub repositories, files, or directories.
Includes a web application with PDF reporting and a CLI tool for local use.


🚀 Live Demo

The web app is deployed on Render:
👉 https://risk-scanner.onrender.com/


✨ Features

  • Scan GitHub repositories, local files, or directories
  • Detect common secrets (AWS keys, GitHub tokens, Slack tokens, etc.)
  • Identify debug statements and weak patterns
  • Severity breakdown with risk score
  • Export a neatly formatted PDF report
  • Web app (Flask + Gunicorn) and CLI modes
  • Deployable to Render with one click
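To make the detection and scoring in the feature list concrete, here is an added, self-contained illustration (not the project's own code) of how a scanner of this kind matches secret patterns and debug statements in a file and rolls them up into a severity breakdown and a risk score. The rule set, the masking of matches, the severity weights and the sample file are all assumptions made for this illustration.

```python
import re
from collections import Counter

# Detection rules assumed for this illustration (not the project's own rule set):
# (name, compiled pattern, severity).
RULES = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "HIGH"),
    ("GitHub personal access token", re.compile(r"\bghp_[A-Za-z0-9]{36}\b"), "HIGH"),
    ("Slack token", re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"), "HIGH"),
    ("Debug statement", re.compile(r"\b(?:pdb\.set_trace|console\.log|print)\s*\("), "LOW"),
]

# Assumed weights that turn the severity breakdown into a single 0-100 risk score.
WEIGHTS = {"HIGH": 30, "MEDIUM": 10, "LOW": 3}


def scan_text(text, source="<input>"):
    """Return findings as dicts; secret matches are masked so a report never echoes a live credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern, severity in RULES:
            for m in pattern.finditer(line):
                token = m.group(0)
                shown = token[:4] + "*" * (len(token) - 4) if severity == "HIGH" else token
                findings.append({"source": source, "line": lineno, "rule": name,
                                 "severity": severity, "match": shown})
    return findings


def summarize(findings):
    """Severity breakdown plus a risk score capped at 100."""
    breakdown = Counter(f["severity"] for f in findings)
    score = min(100, sum(WEIGHTS[sev] * n for sev, n in breakdown.items()))
    return {"total": len(findings), "breakdown": dict(breakdown), "risk_score": score}


# Constructed sample file: every value is a fake placeholder in the shape of the real token type.
SAMPLE = """\
AWS_ACCESS_KEY_ID = "AKIAEXAMPLEEXAMPLE00"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
SLACK_TOKEN = "xoxb-000000000000-placeholder"
print("debugging the upload handler")
timeout = 30
"""

if __name__ == "__main__":
    found = scan_text(SAMPLE, "sample.py")
    for f in found:
        print(f"{f['source']}:{f['line']} [{f['severity']}] {f['rule']}: {f['match']}")
    print(summarize(found))
```

Running the block prints one masked finding per matched line followed by the summary dict; the same functions could be pointed at a directory walk or at file contents fetched through the GitHub API.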

📦 Local Setup

1. Clone the repository

git clone https://github.com/yourusername/risk-scanner.git
cd risk-scanner

2. Install dependencies

pip install -r requirements.txt

3. Set up GitHub token (optional but recommended)

Without a token, you are limited to 60 GitHub API requests/hour.
With a token, you get 5,000 requests/hour.

  • Windows (Command Prompt):

    set GITHUB_TOKEN=ghp_yourtokenhere
    
  • Windows (PowerShell):

    $env:GITHUB_TOKEN="ghp_yourtokenhere"
    
  • Linux / macOS (Bash / Zsh):

    export GITHUB_TOKEN=ghp_yourtokenhere
    

🖥️ CLI Usage

Scan a GitHub repository:

python cli_wrapper.py scan-repo https://github.com/GitGuardian/sample_secrets

Scan a local file:

python cli_wrapper.py scan-file path/to/file.py

Scan a directory:

python cli_wrapper.py scan-dir ./src

Save results to JSON:

python cli_wrapper.py scan-repo https://github.com/GitGuardian/sample_secrets --output results.json

🌐 Web Application (Local)

Run the Flask app locally:

python app.py

Then open http://localhost:8000 in your browser.

Features:

  • Enter a GitHub repo URL and scan
  • View summary and findings
  • Export a neatly formatted PDF report

🔎 Example

Try scanning this repo with test secrets:

python cli_wrapper.py scan-repo https://github.com/GitGuardian/sample_secrets

📄 License

MIT