dugout 0.1.6

Git-native secrets manager for development teams, written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

//! Audit command - scan git history for leaked secrets.

use crate::cli::output;
use crate::core::domain::audit;
use crate::error::Result;
use std::process::{Command, Stdio};

/// Check if we're in a git repository.
fn is_git_repo() -> bool {
    Command::new("git")
        .args(["rev-parse", "--is-inside-work-tree"])
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .map(|s| s.success())
        .unwrap_or(false)
}

/// Scan git history for leaked secrets.
pub fn execute() -> Result<()> {
    // Check if we're in a git repository
    if !is_git_repo() {
        output::warn("not a git repository");
        return Ok(());
    }

    let findings = audit::scan_git_history()?;

    if findings.is_empty() {
        output::success("no issues found");
    } else {
        output::warn(&format!("{} potential issues found", findings.len()));

        // Show high severity findings
        let high: Vec<_> = findings
            .iter()
            .filter(|f| f.severity == audit::Severity::High)
            .collect();

        for finding in high.iter().take(5) {
            output::list_item(&format!("{}", finding));
        }

        if findings.len() > 5 {
            output::hint(&format!("... and {} more", findings.len() - 5));
        }
    }

    Ok(())
}