
Releases: 0xBahalaNa/secret-scanner

v1.1.0: Hardening

15 Apr 01:14
@0xBahalaNa 0xBahalaNa
76307d3
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

Highlights

Hardening pass: modular architecture, pytest test suite, severity classification, pre-commit hook, performance metrics, and security fixes for symlink scoping, resource exhaustion, ReDoS in custom patterns, and silent overwriting of the JSON output file.

Features

  • Modular scanner architecture (separated CLI, scanning, patterns, output)
  • Severity classification (CRITICAL / HIGH / MEDIUM / LOW / INFO) on findings
  • pytest test suite + Makefile
  • Pre-commit hook configuration (preventive control at earliest pipeline gate)
  • Scan performance metrics and timing in output

Bug Fixes

  • Symlink scoping: scan only within target directory (prevents reads of e.g. /etc/shadow)
  • File size + line length limits to prevent resource exhaustion
  • Custom pattern ReDoS protection (regex backtracking guard)
  • JSON output file-overwrite warning
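The first three bug fixes above describe checks a scanner's file walker has to make before it hands a file to the regex engine. The following is an added example, not the project's own code, showing one way to implement them: symlinks are resolved and rejected when they leave the target directory, oversized files are skipped, and over-long lines are dropped before matching. The limits, file names and fixture contents are constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Constructed limits for this example, not the project's own values.
MAX_FILE_BYTES = 1_000_000
MAX_LINE_CHARS = 10_000

def in_scope(path: Path, root: Path) -> bool:
    """True only if path, after resolving every symlink, still lies under root."""
    try:
        path.resolve(strict=True).relative_to(root.resolve(strict=True))
        return True
    except (ValueError, OSError):  # resolves outside root, or dangling link
        return False

def iter_scannable(root: Path):
    """Yield (path, reason); reason is None when the file may be regex-scanned."""
    for dirpath, _dirs, files in os.walk(root):  # followlinks=False: dir symlinks not entered
        for name in files:
            p = Path(dirpath) / name
            if not in_scope(p, root):  # a file symlink pointing out of the target
                yield p, "symlink escapes target directory"
            elif p.stat().st_size > MAX_FILE_BYTES:
                yield p, "file exceeds size limit"
            else:
                yield p, None

def read_lines(path: Path) -> tuple[list[str], int]:
    """Return lines short enough to scan and how many over-long lines were skipped."""
    # The file is already bounded by MAX_FILE_BYTES, so one huge line cannot
    # exhaust memory; the per-line cap keeps regex matching time bounded.
    kept, skipped = [], 0
    with path.open("r", errors="replace") as fh:
        for line in fh:
            if len(line) > MAX_LINE_CHARS:
                skipped += 1
            else:
                kept.append(line.rstrip("\n"))
    return kept, skipped

def build_demo_tree() -> Path:
    """Constructed fixture: a normal file, an oversized file, and a symlink out of the target."""
    base = Path(tempfile.mkdtemp())
    root, outside = base / "target", base / "outside"
    for d in (root, outside):
        d.mkdir()
    (root / "config.py").write_text("password = 'hunter2'\n" + "x" * (MAX_LINE_CHARS + 1) + "\n")
    (root / "big.bin").write_bytes(b"A" * (MAX_FILE_BYTES + 1))
    (outside / "secret.txt").write_text("outside the scan scope\n")
    (root / "leak").symlink_to(outside / "secret.txt")
    return root
```

Running `iter_scannable(build_demo_tree())` yields the normal file as scannable, the symlink as out of scope and the large file as over the size limit, without ever opening the file outside the target.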

v1.0.0: Core Scanner

15 Apr 01:14
@0xBahalaNa 0xBahalaNa
c26e261
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified

Highlights

Initial release. CLI secret scanner for AWS access keys, API tokens, CJI identifiers (ORI, NCIC, FBI numbers), and custom patterns. Produces structured JSON evidence output for compliance pipelines.

Features

  • CLI target directory argument with path validation
  • Recursive subdirectory scanning
  • Binary and permission-denied file handling
  • Non-zero exit codes for CI/CD integration
  • Line number reporting on findings
  • Regex-based pattern detection for AWS keys, tokens, passwords, connection strings
  • CJIS CJI-pattern detection (ORI numbers, NCIC codes, FBI numbers, State ID/SID)
  • Structured JSON output format for evidence pipelines
  • Compliance control mappings documented in README (AU-2, AU-12, CM-6, SI-4, plus CJIS-specific)