Project Deep Dive

Git-Sentinel 🔐

Lightweight Pre-Commit Security Scanner

PythonRegexDevSecOps

Why Git-Sentinel?

Accidentally committing secrets is a costly mistake—exposure in git history is hard to undo. Git-Sentinel solves this for teams and solo developers where heavy enterprise secret-scanning suites are overkill or too noisy for day-to-day workflows.

Zero Noise — scans only git diff --cached (staged changes), not your entire tree every time.
Dev-Friendly — fast feedback at commit time, right where mistakes happen.
Built for Reality — works in Windows / Git Bash / VS Code workflows and fits CI/CD pipelines.

Key Features

Smart Scanning
Regex Detection (AWS, Stripe, Generic Auth patterns, and more)
Hard Block — unsafe commits don't land in history
Explicit Bypass — controlled escape hatch when truly needed
One-Step Setup — minimal ceremony to adopt

How It Works

The Trigger: You run git commit -m "...".
The Scan: Git-Sentinel intercepts the hook and runs a regex scan on staged changes.
The Verdict: ✅ Clean (commit proceeds) or ❌ Secret Found (commit blocked, report displayed).

Installation

Prerequisites

Python 3.6+
Git

python install.py

Intentional Bypass

Rare operational scenarios may require a deliberate bypass. Use only when you understand the risk.

GIT_SENTINEL_BYPASS=I_UNDERSTAND_THE_RISK git commit -m "your message"

[NOTE] This flow is designed to be non-interactive and CI-safe—no prompts that hang automation.

Security Disclaimer

Git-Sentinel is a preventive tool at commit time. It is not a replacement for secret rotation, enterprise secret managers, or comprehensive server-side / repository scanning.

Live Demo Simulation

See how commits are intercepted—clean paths vs. blocked secret detections.

> SYSTEM NOTICE: This interface is currently a simulation demonstrating the expected output of the analysis pipeline. To execute the live machine learning model, please download the working tool from GitHub. Full browser-based execution is coming soon.

dev@repo:~/git-sentinel