# Git Hound [![Travis](https://img.shields.io/travis/ezekg/git-hound.svg?style=flat-square)](https://travis-ci.org/ezekg/git-hound) [![Code Climate](https://img.shields.io/codeclimate/github/ezekg/git-hound.svg?style=flat-square)](https://codeclimate.com/github/ezekg/git-hound) [![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg?style=flat-square)](https://godoc.org/github.com/ezekg/git-hound) Hound is a Git plugin that helps prevent sensitive data from being committed into a repository by sniffing potential commits against PCRE regular expressions. ## How does it work? Upon commit, it runs the output of `git diff -U0 --staged` through the Hound, which matches every _added_ or _modified_ line against your provided list of regular expressions from a local `.githound.yml` file. ## Installation To install Hound, please use `go get`. If you don't have Go installed, [get it here](https://golang.org/dl/). If you would like to grab a precompiled binary, head over to the [releases](https://github.com/ezekg/git-hound/releases) page. The precompiled Hound binaries have no external dependencies. ``` go get github.com/ezekg/git-hound ``` If you're on macOS, you can also install using Homebrew: ``` brew install git-hound ``` ## Compiling To compile for your operating system, simply run the following from the root of the project directory: ```bash go install ``` To compile for all platforms using [`gox`](https://github.com/mitchellh/gox), run the following: ```bash gox ``` ## Usage ``` git-hound [] commit [...] git-hound [] sniff [] ``` ### Commit Sniff changes before committing. ```bash # Sniff changes since last commit and pass to git-commit when clean git hound commit … ``` ### Sniff You can optionally pass a commit hash or manually pipe a diff for the Hound to sniff. ```bash # Sniff changes since last commit git hound sniff HEAD # Sniff entire codebase git hound sniff # Sniff entire repo history git log -p | git hound sniff ``` ## Option flags | Flag | Type | Default | Usage | |:---------------|:-------|:----------------|:-------------------------------------------| | `-no-color` | bool | `false` | Disable color output | | `-config=file` | string | `.githound.yml` | Hound config file | | `-bin=file` | string | `git` | Executable binary to use for `git` command | ## Example `.githound.yml` ```yaml # Output warning on match but continue warn: - '(?i)user(name)?\W*[:=,]\W*.+$' - '\/Users\/\w+\/' # Fail immediately upon match fail: - '[''"](?!.*[\s])(?=.*[A-Za-z])(?=.*[0-9])(?=.*[!@#$&*])?.{16,}[''"]' - '(?i)db_(user(name)?|pass(word)?|name)\W*[:=,]\W*.+$' - '(?i)pass(word)?\W*[:=,]\W*.+$' # Skip on matched filename skip: - '\.example$' - '\.sample$' ```