This project provides a shell script to clone a GitHub repository, install necessary security scanning tools, and run these tools on the cloned repository files. The script ensures that the environment is safe and clean by using a virtual environment for the installations.
The `safe_clone.sh` script performs the following actions:
- Clones a specified GitHub repository.
- Optionally removes any existing directory of the repository to avoid conflicts (unless the `--cache` flag is provided).
- Creates and activates a Python virtual environment named `safe_clone`.
- Installs `bandit`, `safety`, and `pip-audit` within the virtual environment.
- Runs these tools to scan the repository for common security issues.
- Deactivates the virtual environment after the scans are completed.

The tools installed are:
- Bandit: A security linter for Python source code.
- Safety: Checks Python dependencies for known security vulnerabilities.
- pip-audit: Audits Python environments and dependency trees for known vulnerabilities.

Requirements:
- macOS with `zsh` shell
- Python 3.x
- `git` installed and configured
- `pip3` for managing Python packages

Installation:
- Ensure you have Python 3.x and `pip3` installed on your system.
- Ensure you have `git` installed and configured.
- Clone this repository or download the `safe_clone.sh` script.

Usage:
- Save the `safe_clone.sh` script to your desired location.
- Make the script executable:

  ```sh
  chmod +x safe_clone.sh
  ```

- Run the script by providing a GitHub repository URL as an argument:

  ```sh
  ./safe_clone.sh <github-repo-url> [--cache]
  ```

Example:

```sh
./safe_clone.sh https://github.com/robinhood-unofficial/pyrh.git --cache
```
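The following bash script is an added reconstruction of the steps listed above, not the project's own `safe_clone.sh`; it assumes the `bandit -r`, `safety check -r` and `pip-audit -r` invocations and the `deactivate` function that `venv` provides, and it exits non-zero when any scanner reports findings so the run can gate a CI step.

```shell
#!/usr/bin/env bash
# Hypothetical reconstruction of safe_clone.sh (added example, not the project's code).
set -eo pipefail
VENV_NAME="safe_clone"

usage() { echo "usage: $0 <github-repo-url> [--cache]" >&2; }

# Derive the checkout directory from the URL: ".../pyrh.git" -> "pyrh".
repo_dir_from_url() {
    basename "${1%/}" .git
}

# Parse arguments into REPO_URL and USE_CACHE (1 when --cache is given).
parse_args() {
    REPO_URL=""; USE_CACHE=0
    for arg in "$@"; do
        case "$arg" in
            --cache) USE_CACHE=1 ;;
            --*) echo "unknown option: $arg" >&2; return 1 ;;
            *) REPO_URL="$arg" ;;
        esac
    done
    [ -n "$REPO_URL" ] || { usage; return 1; }
}

# Remove a stale checkout unless --cache was given, so the scan sees a fresh clone.
prepare_target_dir() {
    local dir="$1" use_cache="$2"
    if [ -d "$dir" ] && [ "$use_cache" -eq 0 ]; then rm -rf -- "$dir"; fi
}

# Clone (unless a cached checkout exists), then scan inside an isolated venv.
# Every tool runs even if an earlier one found something; status records any finding.
run_scans() {
    local dir="$1" status=0
    [ -d "$dir/.git" ] || git clone -- "$REPO_URL" "$dir"
    python3 -m venv "$VENV_NAME"
    . "$VENV_NAME/bin/activate"
    pip3 install --quiet --upgrade bandit safety pip-audit
    bandit -r "$dir" || status=1
    if [ -f "$dir/requirements.txt" ]; then
        safety check -r "$dir/requirements.txt" || status=1
        pip-audit -r "$dir/requirements.txt" || status=1
    fi
    deactivate; return "$status"
}

main() {
    parse_args "$@" || return 1
    local dir; dir="$(repo_dir_from_url "$REPO_URL")"
    prepare_target_dir "$dir" "$USE_CACHE"
    run_scans "$dir"
}

[ "$#" -eq 0 ] && usage || main "$@"
```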