Can I bypass the security checks if necessary?

Local hooks can be bypassed using the --no-verify flag, but the GitHub Actions workflow runs on the server and cannot be bypassed, ensuring project-wide compliance.

Does this work for both Python and JavaScript projects?

Yes, the pre-push hooks include specific security checks for both ecosystems, including npm audit for Node.js and safety check for Python.

What happens if I use placeholder keys in my environment files?

The scanner is designed to recognize safe placeholder patterns like 'your_key_here' or 'TODO' and will allow those to be committed in .env.example files.

Is the commit message format customizable?

The skill enforces the Conventional Commits standard (feat, fix, chore, etc.), which is the industry standard for automated changelog generation and versioning.

How does this skill prevent API key leaks?

It installs a pre-commit hook that scans your staged files for known patterns of API keys (like Anthropic, OpenAI, AWS) and blocks the commit if a match is found.

Git Security & Quality Hooks

Name: Git Security & Quality Hooks
Author: vanman2024

byvanman2024

보안 및 테스팅

Automates security scanning and quality enforcement through a two-layer system of local Git hooks and GitHub Actions.

소개

This skill establishes a robust security perimeter for development projects by integrating local Git hooks with automated server-side workflows. It prevents the accidental exposure of sensitive information—such as API keys for Anthropic, OpenAI, and cloud providers—before they reach your repository. Beyond security, the skill enforces standardized commit messages and performs dependency audits to ensure code quality. By combining client-side prevention with non-bypassable GitHub Actions, it provides a comprehensive framework for maintaining a secure and professional development lifecycle.

주요 기능

Server-side GitHub Actions workflow for non-bypassable security enforcement
Multi-layer secret scanning for AI keys, cloud credentials, and database strings
0 GitHub stars
Automated dependency audits including npm audit and Python safety checks
Automated generation of security reports and PR comments
Enforced conventional commit message formatting (type(scope): description)

사용 사례

Preventing accidental leaks of Anthropic or OpenAI API keys in public and private repos
Standardizing commit history across large teams using conventional commit rules
Implementing automated weekly security vulnerability scans for long-term project maintenance

소개

주요 기능

Server-side GitHub Actions workflow for non-bypassable security enforcement
Multi-layer secret scanning for AI keys, cloud credentials, and database strings
0 GitHub stars
Automated dependency audits including npm audit and Python safety checks
Automated generation of security reports and PR comments
Enforced conventional commit message formatting (type(scope): description)

사용 사례

Preventing accidental leaks of Anthropic or OpenAI API keys in public and private repos
Standardizing commit history across large teams using conventional commit rules
Implementing automated weekly security vulnerability scans for long-term project maintenance