compliance-scanner 1.0.0__tar.gz

compliance_scanner-1.0.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Naufal
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

compliance_scanner-1.0.0/PKG-INFO

@@ -0,0 +1,134 @@
+Metadata-Version: 2.4
+Name: compliance-scanner
+Version: 1.0.0
+Summary: Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
+Author: Naufal
+License: MIT
+Project-URL: Homepage, https://github.com/naufal/compliance-scanner
+Project-URL: Repository, https://github.com/naufal/compliance-scanner
+Project-URL: Issues, https://github.com/naufal/compliance-scanner/issues
+Keywords: security,compliance,secrets,scanner,credentials,api-keys
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# compliance-scanner
+
+Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
+
+## Installation
+
+```bash
+# From PyPI (when published)
+pip install compliance-scanner
+
+# From source
+git clone https://github.com/naufal/compliance-scanner.git
+cd compliance-scanner
+pip install .
+```
+
+## Usage
+
+```bash
+# Scan current directory
+compliance-scanner .
+
+# Scan specific path
+compliance-scanner /path/to/project
+
+# Local only (no online upload)
+compliance-scanner . --no-upload
+
+# JSON output
+compliance-scanner . --json --output report.json
+
+# Custom expiry for online report
+compliance-scanner . --expiry 7
+
+# Ignore additional directories
+compliance-scanner . --ignore .env,.secrets
+
+# Scan only Python files
+compliance-scanner . --file-glob "*.py"
+
+# Quiet mode
+compliance-scanner . -q
+```
+
+## What It Detects
+
+- High-entropy strings (potential API keys, tokens)
+- Variable assignments with secrets (`API_KEY=...`, `SECRET=...`)
+- JWT tokens (`eyJ...`)
+- AWS access keys (`AKIA...`)
+- GitHub tokens (`ghp_...`, `gho_...`, `ghs_...`)
+- Slack tokens (`xoxb-...`, `xoxp-...`)
+- Stripe keys (`sk_live_...`, `pk_live_...`)
+- Google API keys (`AIza...`)
+- Base64-encoded strings
+- Generic long alphanumeric strings
+
+## Output
+
+### Terminal
+```
+============================================================
+COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
+============================================================
+
+Scan root      : /path/to/project
+Files scanned  : 42
+
+STATUS: 3 POTENTIAL FINDINGS
+Showing top 3 by score
+
+Rank     : 1
+Score    : 200
+Variable : API_KEY
+Value    : sk_live_abc123...
+File     : /path/to/config.py
+Line     : 15
+------------------------------------------------------------
+```
+
+### Online Report
+Reports are uploaded to [dpaste.org](https://dpaste.org) with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.
+
+### JSON
+```json
+{
+  "scan_root": "/path/to/project",
+  "files_scanned": 42,
+  "total_findings": 3,
+  "status": "findings_detected",
+  "findings": [...]
+}
+```
+
+## Exit Codes
+
+- `0` — Clean (no findings)
+- `1` — Findings detected
+
+Use in CI/CD:
+```bash
+compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"
+```
+
+## License
+
+MIT

compliance_scanner-1.0.0/README.md

@@ -0,0 +1,107 @@
+# compliance-scanner
+
+Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
+
+## Installation
+
+```bash
+# From PyPI (when published)
+pip install compliance-scanner
+
+# From source
+git clone https://github.com/naufal/compliance-scanner.git
+cd compliance-scanner
+pip install .
+```
+
+## Usage
+
+```bash
+# Scan current directory
+compliance-scanner .
+
+# Scan specific path
+compliance-scanner /path/to/project
+
+# Local only (no online upload)
+compliance-scanner . --no-upload
+
+# JSON output
+compliance-scanner . --json --output report.json
+
+# Custom expiry for online report
+compliance-scanner . --expiry 7
+
+# Ignore additional directories
+compliance-scanner . --ignore .env,.secrets
+
+# Scan only Python files
+compliance-scanner . --file-glob "*.py"
+
+# Quiet mode
+compliance-scanner . -q
+```
+
+## What It Detects
+
+- High-entropy strings (potential API keys, tokens)
+- Variable assignments with secrets (`API_KEY=...`, `SECRET=...`)
+- JWT tokens (`eyJ...`)
+- AWS access keys (`AKIA...`)
+- GitHub tokens (`ghp_...`, `gho_...`, `ghs_...`)
+- Slack tokens (`xoxb-...`, `xoxp-...`)
+- Stripe keys (`sk_live_...`, `pk_live_...`)
+- Google API keys (`AIza...`)
+- Base64-encoded strings
+- Generic long alphanumeric strings
+
+## Output
+
+### Terminal
+```
+============================================================
+COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
+============================================================
+
+Scan root      : /path/to/project
+Files scanned  : 42
+
+STATUS: 3 POTENTIAL FINDINGS
+Showing top 3 by score
+
+Rank     : 1
+Score    : 200
+Variable : API_KEY
+Value    : sk_live_abc123...
+File     : /path/to/config.py
+Line     : 15
+------------------------------------------------------------
+```
+
+### Online Report
+Reports are uploaded to [dpaste.org](https://dpaste.org) with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.
+
+### JSON
+```json
+{
+  "scan_root": "/path/to/project",
+  "files_scanned": 42,
+  "total_findings": 3,
+  "status": "findings_detected",
+  "findings": [...]
+}
+```
+
+## Exit Codes
+
+- `0` — Clean (no findings)
+- `1` — Findings detected
+
+Use in CI/CD:
+```bash
+compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"
+```
+
+## License
+
+MIT

compliance_scanner-1.0.0/compliance_scanner/__init__.py

@@ -0,0 +1,3 @@
+"""Compliance Scanner — scan codebases for leaked secrets and credentials."""
+
+__version__ = "1.0.0"

compliance_scanner-1.0.0/compliance_scanner/cli.py

@@ -0,0 +1,152 @@
+#!/usr/bin/env python3
+"""CLI entry point for compliance-scanner."""
+
+import argparse
+import sys
+from compliance_scanner.scanner import scan_directory, DEFAULT_IGNORE_DIRS
+from compliance_scanner.report import print_report, print_and_upload
+from compliance_scanner import __version__
+
+
+def build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(
+        prog="compliance-scanner",
+        description="Scan codebases for leaked secrets, API keys, and credentials.",
+        epilog="Examples:\n"
+               "  compliance-scanner .\n"
+               "  compliance-scanner /path/to/project --no-upload\n"
+               "  compliance-scanner . --json --output report.json\n"
+               "  compliance-scanner . --expiry 7 --ignore .env,.secrets",
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+
+    parser.add_argument(
+        "directory",
+        nargs="?",
+        default=".",
+        help="Directory to scan (default: current directory)",
+    )
+
+    parser.add_argument(
+        "--version",
+        action="version",
+        version=f"%(prog)s {__version__}",
+    )
+
+    parser.add_argument(
+        "--no-upload",
+        action="store_true",
+        help="Don't upload report to dpaste.org (local print only)",
+    )
+
+    parser.add_argument(
+        "--json",
+        action="store_true",
+        help="Output report as JSON",
+    )
+
+    parser.add_argument(
+        "--output", "-o",
+        type=str,
+        help="Save report to file (default: stdout only)",
+    )
+
+    parser.add_argument(
+        "--expiry",
+        type=int,
+        default=30,
+        help="Days until online report expires (default: 30)",
+    )
+
+    parser.add_argument(
+        "--ignore",
+        type=str,
+        help="Comma-separated directory names to ignore (in addition to defaults)",
+    )
+
+    parser.add_argument(
+        "--max-items",
+        type=int,
+        default=200,
+        help="Maximum findings to show (default: 200)",
+    )
+
+    parser.add_argument(
+        "--file-glob",
+        type=str,
+        help="Only scan files matching glob pattern (e.g., '*.py')",
+    )
+
+    parser.add_argument(
+        "--quiet", "-q",
+        action="store_true",
+        help="Suppress progress output",
+    )
+
+    return parser
+
+
+def main():
+    parser = build_parser()
+    args = parser.parse_args()
+
+    # Build ignore set
+    ignore_dirs = DEFAULT_IGNORE_DIRS.copy()
+    if args.ignore:
+        for d in args.ignore.split(","):
+            d = d.strip()
+            if d:
+                ignore_dirs.add(d)
+
+    if not args.quiet:
+        print(f"Compliance Scanner v{__version__}")
+        print(f"Scanning: {args.directory}")
+        print("...")
+
+    # Run scan
+    result = scan_directory(
+        root_dir=args.directory,
+        ignore_dirs=ignore_dirs,
+        file_glob=args.file_glob,
+    )
+
+    ranked = result.unique_findings
+
+    if not args.quiet:
+        print(f"Scanned {result.files_scanned} files")
+
+    # Output
+    if args.json:
+        from compliance_scanner.report import format_json_report
+        report = format_json_report(ranked, root_dir=args.directory, files_scanned=result.files_scanned)
+    else:
+        from compliance_scanner.report import format_report
+        report = format_report(ranked, root_dir=args.directory, files_scanned=result.files_scanned)
+
+    print("\n" + report)
+
+    # Save to file if requested
+    if args.output:
+        with open(args.output, "w") as f:
+            f.write(report)
+        if not args.quiet:
+            print(f"\nReport saved to: {args.output}")
+
+    # Upload unless disabled
+    if not args.no_upload and not args.json:
+        print("\n" + "=" * 60)
+        print("Uploading report to dpaste.org ...")
+        try:
+            from compliance_scanner.report import upload_to_dpaste
+            link = upload_to_dpaste(report, args.expiry)
+            print(f"Report URL: {link}")
+            print(f"(Expires in {args.expiry} days)")
+        except Exception as e:
+            print(f"Upload failed: {e}")
+
+    # Exit code: 0 if clean, 1 if findings
+    sys.exit(0 if not ranked else 1)
+
+
+if __name__ == "__main__":
+    main()

compliance_scanner-1.0.0/compliance_scanner/report.py

@@ -0,0 +1,121 @@
+"""Report formatting and online upload (dpaste.org)."""
+
+import os
+import urllib.request
+import urllib.parse
+from typing import Optional
+
+DPASTE_URL = "https://dpaste.org/api/"
+DPASTE_EXPIRY_DAYS = 30
+
+
+def format_report(
+    ranked: list,
+    max_items: int = 200,
+    root_dir: str = ".",
+    files_scanned: int = 0,
+) -> str:
+    """Format scan results into a clean text report."""
+    lines = []
+    lines.append("=" * 60)
+    lines.append("COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT")
+    lines.append("=" * 60)
+    lines.append("")
+    lines.append(f"Scan root      : {os.path.abspath(root_dir)}")
+    lines.append(f"Files scanned  : {files_scanned}")
+    lines.append("")
+
+    if not ranked:
+        lines.append("STATUS: CLEAN")
+        lines.append("No potential secrets or credentials detected.")
+    else:
+        lines.append(f"STATUS: {len(ranked)} POTENTIAL FINDINGS")
+        lines.append(f"Showing top {min(max_items, len(ranked))} by score")
+        lines.append("")
+
+        for i, item in enumerate(ranked[:max_items], start=1):
+            lines.append(f"Rank     : {i}")
+            lines.append(f"Score    : {item.score}")
+            lines.append(f"Variable : {item.variable}")
+            lines.append(f"Value    : {item.value}")
+            lines.append(f"File     : {item.file}")
+            lines.append(f"Line     : {item.line}")
+            lines.append(f"Pattern  : {item.pattern_name}")
+            lines.append("-" * 60)
+
+    lines.append("")
+    lines.append("Generated by compliance-scanner v1.0.0")
+    return "\n".join(lines)
+
+
+def format_json_report(ranked: list, root_dir: str = ".", files_scanned: int = 0) -> str:
+    """Format scan results as JSON."""
+    import json
+
+    report = {
+        "scan_root": os.path.abspath(root_dir),
+        "files_scanned": files_scanned,
+        "total_findings": len(ranked),
+        "status": "clean" if not ranked else "findings_detected",
+        "findings": [item.to_dict() for item in ranked],
+    }
+
+    return json.dumps(report, indent=2)
+
+
+def upload_to_dpaste(text: str, expiry_days: int = 30) -> str:
+    """Upload text to dpaste.org and return the shareable URL."""
+    data = urllib.parse.urlencode({
+        "content": text,
+        "syntax": "text",
+        "expiry_days": str(expiry_days),
+    }).encode()
+
+    req = urllib.request.Request(
+        DPASTE_URL,
+        data=data,
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        method="POST",
+    )
+
+    with urllib.request.urlopen(req, timeout=30) as resp:
+        return resp.read().decode().strip()
+
+
+def print_report(ranked: list, root_dir: str = ".", files_scanned: int = 0) -> str:
+    """Print report locally."""
+    report = format_report(ranked, root_dir=root_dir, files_scanned=files_scanned)
+    print("\n" + report)
+    return report
+
+
+def print_and_upload(
+    ranked: list,
+    root_dir: str = ".",
+    files_scanned: int = 0,
+    expiry_days: int = 30,
+    upload: bool = True,
+    json_output: bool = False,
+) -> Optional[str]:
+    """Print report and optionally upload to dpaste."""
+    if json_output:
+        report = format_json_report(ranked, root_dir=root_dir, files_scanned=files_scanned)
+    else:
+        report = format_report(ranked, root_dir=root_dir, files_scanned=files_scanned)
+
+    print("\n" + report)
+
+    if not upload:
+        return None
+
+    print("\n" + "=" * 60)
+    print("Uploading report to dpaste.org ...")
+
+    try:
+        link = upload_to_dpaste(report, expiry_days)
+        print(f"Report URL: {link}")
+        print(f"(Expires in {expiry_days} days)")
+        return link
+    except Exception as e:
+        print(f"Upload failed: {e}")
+        return None

compliance_scanner-1.0.0/compliance_scanner/scanner.py

@@ -0,0 +1,231 @@
+"""Core scanning engine — pattern matching, entropy scoring, file walking."""
+
+import os
+import re
+import math
+from dataclasses import dataclass, field
+from typing import Optional
+
+# Default directories to skip
+DEFAULT_IGNORE_DIRS = {
+    ".git",
+    "node_modules",
+    ".venv",
+    "venv",
+    "__pycache__",
+    ".idea",
+    ".vscode",
+    "dist",
+    "build",
+    ".tox",
+    ".mypy_cache",
+    ".pytest_cache",
+    "coverage",
+    ".coverage",
+    ".nyc_output",
+    ".sass-cache",
+}
+
+# Binary file extensions to skip
+BINARY_EXTENSIONS = {
+    ".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico", ".svg", ".webp",
+    ".mp3", ".mp4", ".avi", ".mov", ".wmv", ".flv", ".webm",
+    ".zip", ".tar", ".gz", ".bz2", ".7z", ".rar",
+    ".exe", ".dll", ".so", ".dylib", ".bin",
+    ".pdf", ".doc", ".docx", ".xls", ".xlsx",
+    ".pyc", ".pyo", ".class", ".o", ".obj",
+}
+
+# Regex patterns for common secret formats
+PATTERNS = [
+    # Long alphanumeric strings (potential API keys)
+    r'[A-Za-z0-9_\-]{32,}',
+    # Base64-encoded strings
+    r'[A-Za-z0-9+/]{40,}={0,2}',
+    # JWT tokens
+    r'eyJ[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+',
+    # AWS access key IDs
+    r'AKIA[0-9A-Z]{16}',
+    # GitHub personal access tokens
+    r'ghp_[A-Za-z0-9]{36}',
+    # GitHub OAuth tokens
+    r'gho_[A-Za-z0-9]{36}',
+    # GitHub App tokens
+    r'(ghu|ghs|ghr)_[A-Za-z0-9]{36}',
+    # Slack tokens
+    r'xox[bprs]-[A-Za-z0-9\-]+',
+    # Stripe keys
+    r'sk_live_[A-Za-z0-9]+',
+    r'pk_live_[A-Za-z0-9]+',
+    # Google API keys
+    r'AIza[0-9A-Za-z_\-]{35}',
+    # Heroku API keys
+    r'[hH]eroku[0-9a-fA-F]{32}',
+    # Generic "key/secret/token/password" assignments
+    r'(?:key|secret|token|password|api_key|apikey|api_secret)\s*[:=]\s*["\']?[A-Za-z0-9_\-]{16,}',
+]
+
+
+@dataclass
+class Finding:
+    """A single secret finding."""
+    variable: str
+    value: str
+    score: int
+    file: str
+    line: int
+    pattern_name: str = "generic"
+
+    def to_dict(self) -> dict:
+        return {
+            "variable": self.variable,
+            "value": self.value,
+            "score": self.score,
+            "file": self.file,
+            "line": self.line,
+            "pattern_name": self.pattern_name,
+        }
+
+
+@dataclass
+class ScanResult:
+    """Aggregated scan results."""
+    findings: list = field(default_factory=list)
+    files_scanned: int = 0
+    errors: list = field(default_factory=list)
+    root_dir: str = ""
+
+    @property
+    def unique_findings(self) -> list:
+        """Deduplicated findings ranked by score."""
+        seen = {}
+        for f in self.findings:
+            if f.value not in seen or f.score > seen[f.value].score:
+                seen[f.value] = f
+        return sorted(seen.values(), key=lambda x: x.score, reverse=True)
+
+    @property
+    def has_findings(self) -> bool:
+        return len(self.unique_findings) > 0
+
+
+def entropy(s: str) -> float:
+    """Calculate Shannon entropy of a string."""
+    if not s:
+        return 0.0
+    freq = {}
+    for c in s:
+        freq[c] = freq.get(c, 0) + 1
+    length = len(s)
+    return -sum((count / length) * math.log2(count / length) for count in freq.values())
+
+
+def score_candidate(value: str) -> int:
+    """Score a candidate string based on length, entropy, and character diversity."""
+    score = 0
+    score += min(len(value), 100)
+
+    e = entropy(value)
+
+    if e > 4.0:
+        score += 50
+    if e > 4.5:
+        score += 50
+    if re.search(r"[A-Z]", value):
+        score += 20
+    if re.search(r"[a-z]", value):
+        score += 20
+    if re.search(r"\d", value):
+        score += 20
+    if re.search(r"[_\-+=/]", value):
+        score += 20
+
+    return score
+
+
+def extract_variables(line: str) -> list:
+    """Extract variable assignments that look like secrets."""
+    candidates = []
+    matches = re.finditer(
+        r'([A-Za-z_][A-Za-z0-9_]*)\s*[:=]\s*[\'"]?([A-Za-z0-9_\-+=/.]{16,})[\'"]?',
+        line,
+    )
+    for match in matches:
+        candidates.append((match.group(1), match.group(2)))
+    return candidates
+
+
+def is_binary_file(path: str) -> bool:
+    """Check if a file is likely binary by extension."""
+    _, ext = os.path.splitext(path)
+    return ext.lower() in BINARY_EXTENSIONS
+
+
+def scan_file(path: str) -> list:
+    """Scan a single file for potential secrets."""
+    findings = []
+
+    if is_binary_file(path):
+        return findings
+
+    try:
+        with open(path, "r", encoding="utf-8", errors="ignore") as f:
+            for lineno, line in enumerate(f, 1):
+                # Check variable assignments
+                for var_name, value in extract_variables(line):
+                    findings.append(Finding(
+                        variable=var_name,
+                        value=value,
+                        score=score_candidate(value),
+                        file=path,
+                        line=lineno,
+                        pattern_name="variable_assignment",
+                    ))
+
+                # Check regex patterns
+                for pattern in PATTERNS:
+                    for match in re.finditer(pattern, line):
+                        value = match.group(0)
+                        findings.append(Finding(
+                            variable="(unknown)",
+                            value=value,
+                            score=score_candidate(value),
+                            file=path,
+                            line=lineno,
+                            pattern_name="pattern_match",
+                        ))
+    except Exception as e:
+        return findings
+
+    return findings
+
+
+def scan_directory(
+    root_dir: str = ".",
+    ignore_dirs: Optional[set] = None,
+    file_glob: Optional[str] = None,
+) -> ScanResult:
+    """Walk a directory tree and scan all files for secrets."""
+    if ignore_dirs is None:
+        ignore_dirs = DEFAULT_IGNORE_DIRS.copy()
+
+    result = ScanResult(root_dir=os.path.abspath(root_dir))
+
+    for root, dirs, files in os.walk(root_dir):
+        # Filter ignored directories
+        dirs[:] = [d for d in dirs if d not in ignore_dirs]
+
+        for filename in files:
+            filepath = os.path.join(root, filename)
+
+            # Optional file glob filter
+            if file_glob:
+                import fnmatch
+                if not fnmatch.fnmatch(filename, file_glob):
+                    continue
+
+            findings = scan_file(filepath)
+            result.findings.extend(findings)
+            result.files_scanned += 1
+
+    return result

compliance_scanner-1.0.0/compliance_scanner.egg-info/PKG-INFO

@@ -0,0 +1,134 @@
+Metadata-Version: 2.4
+Name: compliance-scanner
+Version: 1.0.0
+Summary: Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
+Author: Naufal
+License: MIT
+Project-URL: Homepage, https://github.com/naufal/compliance-scanner
+Project-URL: Repository, https://github.com/naufal/compliance-scanner
+Project-URL: Issues, https://github.com/naufal/compliance-scanner/issues
+Keywords: security,compliance,secrets,scanner,credentials,api-keys
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Dynamic: license-file
+
+# compliance-scanner
+
+Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing.
+
+## Installation
+
+```bash
+# From PyPI (when published)
+pip install compliance-scanner
+
+# From source
+git clone https://github.com/naufal/compliance-scanner.git
+cd compliance-scanner
+pip install .
+```
+
+## Usage
+
+```bash
+# Scan current directory
+compliance-scanner .
+
+# Scan specific path
+compliance-scanner /path/to/project
+
+# Local only (no online upload)
+compliance-scanner . --no-upload
+
+# JSON output
+compliance-scanner . --json --output report.json
+
+# Custom expiry for online report
+compliance-scanner . --expiry 7
+
+# Ignore additional directories
+compliance-scanner . --ignore .env,.secrets
+
+# Scan only Python files
+compliance-scanner . --file-glob "*.py"
+
+# Quiet mode
+compliance-scanner . -q
+```
+
+## What It Detects
+
+- High-entropy strings (potential API keys, tokens)
+- Variable assignments with secrets (`API_KEY=...`, `SECRET=...`)
+- JWT tokens (`eyJ...`)
+- AWS access keys (`AKIA...`)
+- GitHub tokens (`ghp_...`, `gho_...`, `ghs_...`)
+- Slack tokens (`xoxb-...`, `xoxp-...`)
+- Stripe keys (`sk_live_...`, `pk_live_...`)
+- Google API keys (`AIza...`)
+- Base64-encoded strings
+- Generic long alphanumeric strings
+
+## Output
+
+### Terminal
+```
+============================================================
+COMPLIANCE SCAN — SECRET/CREDENTIAL DETECTION REPORT
+============================================================
+
+Scan root      : /path/to/project
+Files scanned  : 42
+
+STATUS: 3 POTENTIAL FINDINGS
+Showing top 3 by score
+
+Rank     : 1
+Score    : 200
+Variable : API_KEY
+Value    : sk_live_abc123...
+File     : /path/to/config.py
+Line     : 15
+------------------------------------------------------------
+```
+
+### Online Report
+Reports are uploaded to [dpaste.org](https://dpaste.org) with configurable expiry (default: 30 days). Share the URL with your team for compliance reviews.
+
+### JSON
+```json
+{
+  "scan_root": "/path/to/project",
+  "files_scanned": 42,
+  "total_findings": 3,
+  "status": "findings_detected",
+  "findings": [...]
+}
+```
+
+## Exit Codes
+
+- `0` — Clean (no findings)
+- `1` — Findings detected
+
+Use in CI/CD:
+```bash
+compliance-scanner . --no-upload --quiet || echo "SECRETS DETECTED"
+```
+
+## License
+
+MIT

compliance_scanner-1.0.0/compliance_scanner.egg-info/SOURCES.txt

@@ -0,0 +1,13 @@
+LICENSE
+README.md
+pyproject.toml
+setup.py
+compliance_scanner/__init__.py
+compliance_scanner/cli.py
+compliance_scanner/report.py
+compliance_scanner/scanner.py
+compliance_scanner.egg-info/PKG-INFO
+compliance_scanner.egg-info/SOURCES.txt
+compliance_scanner.egg-info/dependency_links.txt
+compliance_scanner.egg-info/entry_points.txt
+compliance_scanner.egg-info/top_level.txt

compliance_scanner-1.0.0/compliance_scanner.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

compliance_scanner-1.0.0/compliance_scanner.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+compliance-scanner = compliance_scanner.cli:main

compliance_scanner-1.0.0/compliance_scanner.egg-info/top_level.txt

@@ -0,0 +1,2 @@
+compliance_scanner
+dist

compliance_scanner-1.0.0/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools>=45", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "compliance-scanner"
+version = "1.0.0"
+description = "Scan codebases for leaked secrets, API keys, and credentials. Compliance-grade reporting with online report sharing."
+readme = "README.md"
+license = {text = "MIT"}
+requires-python = ">=3.9"
+authors = [
+    {name = "Naufal"},
+]
+keywords = ["security", "compliance", "secrets", "scanner", "credentials", "api-keys"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Intended Audience :: System Administrators",
+    "License :: OSI Approved :: MIT License",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Quality Assurance",
+]
+
+[project.scripts]
+compliance-scanner = "compliance_scanner.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/naufal/compliance-scanner"
+Repository = "https://github.com/naufal/compliance-scanner"
+Issues = "https://github.com/naufal/compliance-scanner/issues"
+
+[tool.setuptools.packages.find]
+where = ["."]

compliance_scanner-1.0.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

compliance_scanner-1.0.0/setup.py

@@ -0,0 +1,12 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="compliance-scanner",
+    version="1.0.0",
+    packages=find_packages(),
+    entry_points={
+        "console_scripts": [
+            "compliance-scanner=compliance_scanner.cli:main",
+        ],
+    },
+)