Stop leaking API keys and hardcoded passwords to GitHub. Forever.
Features • Installation • Usage • Auto-Fix • Contributing
Every day, thousands of developers accidentally commit secrets to public repositories:
```python
# ❌ This is what CodeSentinel catches before it's too late:
aws_secret = "AKIA1234567890ABCDEF"
result = eval(user_input)
```

Once a secret hits GitHub — it's already compromised. CodeSentinel stops it before it ever leaves your machine.
| Feature | Description |
|---|---|
| 🔍 Secret Detection | Finds hardcoded API keys, tokens & passwords using AST + entropy analysis |
| 🦠 Malicious Pattern Scanner | Detects dangerous calls like eval(), exec() and unsafe subprocess usage |
| 🔧 Auto-Fix Engine | Automatically moves secrets to .env and replaces them with os.getenv() |
| 🖥️ Modern GUI | Dark corporate UI built with CustomTkinter — no terminal required |
| 🌍 Bilingual | Full English & Turkish interface support (switch with one click) |
| 🔒 Zero Trust Logging | Secrets are always masked in logs — raw values never appear on screen |
| ⚡ Optimized | O(N) AST traversal, pre-compiled regex patterns, thread-safe scanning |
| 🎯 Pre-commit Ready | Works as a CLI tool you can plug into Git hooks |
Coming soon — drop a star and check back!
- Go to Releases
- Download the latest `CodeSentinel.zip`
- Extract and run `CodeSentinel.exe`
Prerequisites: Python 3.10+
```bash
# Clone the repository
git clone https://github.com/agumusfu/CodeSentinel.git
cd CodeSentinel

# Install dependencies
pip install -r requirements.txt

# Launch the GUI
python main.py
```

Launch the application, click "Select File / Directory", toggle Auto-Fix, and hit "Start Scan".
```bash
# Scan specific files
python main.py suspicious_file.py --lang en

# Scan and auto-fix secrets
python main.py suspicious_file.py --fix

# Scan in Turkish
python main.py myapp.py --lang tr --fix
```

Exit codes:

- `0` — No issues found ✅
- `1` — Issues detected (use in CI/CD pipelines)
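The exit codes above are what make the CLI usable as a Git hook. The script below is an added example written for this README, not a hook shipped with CodeSentinel; it assumes it is installed as `.git/hooks/pre-commit` (executable), runs from the repository root, and that the scanner is invoked as `python main.py <file>` exactly as in the usage section. It scans the staged blob of each `.py` file rather than the working copy, because after `git add -p` the two can differ and it is the staged content that will be committed.

```python
#!/usr/bin/env python3
"""Git pre-commit hook wired to CodeSentinel's exit codes (0 clean, 1 issues).

Added example for this README, not part of the project. Assumptions: the hook
lives at .git/hooks/pre-commit (executable), runs from the repository root,
and CodeSentinel's CLI is invoked as `python main.py <file>` as shown above.
"""
import os
import subprocess
import sys
import tempfile


def staged_python_files(diff_output: str) -> list:
    """Keep the .py paths from `git diff --cached --name-only --diff-filter=ACM`."""
    return [p.strip() for p in diff_output.splitlines() if p.strip().endswith(".py")]


def scan_staged_blob(path: str) -> int:
    """Scan the *staged* content of path, not the working copy.

    The working tree may differ from the index (partial `git add -p`), so the
    hook writes `git show :path` to a temp file and scans that instead.
    """
    blob = subprocess.run(["git", "show", f":{path}"],
                          capture_output=True, text=True, check=True).stdout
    fd, tmp = tempfile.mkstemp(suffix=".py")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(blob)
        # No --fix here: the hook must only block, never rewrite a temp copy.
        return subprocess.run([sys.executable, "main.py", tmp, "--lang", "en"]).returncode
    finally:
        os.unlink(tmp)


def scan_files(files: list, run=scan_staged_blob) -> int:
    """Return 1 if any file fails the scan, else 0; `run` is injectable for tests."""
    failed = [path for path in files if run(path) != 0]
    for path in failed:
        print(f"pre-commit: CodeSentinel flagged {path}; commit blocked", file=sys.stderr)
    return 1 if failed else 0


if __name__ == "__main__":
    staged = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                            capture_output=True, text=True, check=True).stdout
    sys.exit(scan_files(staged_python_files(staged)))
```

Because every flagged file is reported before the hook exits, a developer sees all offending paths in one run instead of fixing them one commit attempt at a time. The same `scan_files` return value is what a CI job would propagate as its step status.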
CodeSentinel doesn't just find secrets — it fixes them automatically:

```python
# BEFORE: Your code with a hardcoded secret
aws_key = "AKIA1234567890ABCDEF"
```

```python
# AFTER: CodeSentinel rewrites this safely
import os
aws_key = os.getenv('SECRET_A42895')
```

```
# .env file is created automatically:
SECRET_A42895=AKIA1234567890ABCDEF
```

⚠️ Remember: Add `.env` to your `.gitignore`! (CodeSentinel's `.gitignore` already does this for you.) Moving the value into `.env` does not revoke it: the file still holds the key in plaintext, and if the key was ever committed or pushed, treat it as compromised, rotate it with the provider, and purge it from Git history.
Secrets:

- AWS Access Keys (`AKIA...`)
- High-entropy strings (likely tokens/passwords) ≥ 32 characters
- Generic hardcoded credentials

Malicious patterns:

- `eval()` calls with variable inputs
- `exec()` usage
- Unsafe dynamic execution patterns
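To make the detection list and the auto-fix section concrete, here is a compact scanner and remediator in the same spirit, added as an illustration for this README. It is not CodeSentinel's `scanner.py` or `remediator.py`: the function names, the 4.0 bits-per-character entropy threshold, the "skip strings containing spaces" heuristic, and the `SECRET_<hex>` naming are all assumptions. It walks the AST once, flags `AKIA` keys and long high-entropy literals, flags `eval()`/`exec()` and records whether their argument is constant, then rewrites each secret literal to `os.getenv(NAME)` and returns the matching `.env` lines. The sample input at the bottom is constructed for the demo.

```python
"""AST + entropy secret scanning with .env remediation, as an illustration.

Added example written for this README; it is not CodeSentinel's scanner.py or
remediator.py. Names, thresholds, and the SECRET_<hex> naming are assumptions.
"""
import ast
import math
import re
import secrets

AWS_KEY_RE = re.compile(r"^AKIA[0-9A-Z]{16}$")  # AWS access key ID shape
MIN_ENTROPY_LEN = 32       # README: high-entropy strings of 32+ characters
ENTROPY_THRESHOLD = 4.0    # bits per character; assumed, tune per code base
DANGEROUS_CALLS = {"eval", "exec"}
SECRET_KINDS = {"aws_key", "high_entropy"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def mask(secret: str) -> str:
    """Zero raw secret logging: show a 3-char suffix at most, e.g. ***DEF."""
    return "***" + secret[-3:] if len(secret) > 6 else "***"


def scan_source(source: str) -> list:
    """One ast.walk pass (O(N) nodes); returns (kind, lineno, col, end_col, detail)."""
    tree = ast.parse(source)
    # Literal pieces of f-strings cannot be swapped for os.getenv() in place; skip them.
    in_fstring = {id(c) for j in ast.walk(tree) if isinstance(j, ast.JoinedStr)
                  for c in ast.walk(j)}
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            v = node.value
            if id(node) in in_fstring or node.lineno != node.end_lineno:
                continue
            if AWS_KEY_RE.match(v):
                kind = "aws_key"
            # Spaces mark prose (docstrings, messages), which also has ~4 bits/char.
            elif (len(v) >= MIN_ENTROPY_LEN and " " not in v
                  and shannon_entropy(v) >= ENTROPY_THRESHOLD):
                kind = "high_entropy"
            else:
                continue
            findings.append((kind, node.lineno, node.col_offset, node.end_col_offset, v))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id in DANGEROUS_CALLS):
            # eval()/exec() on anything but a constant executes code derived from data.
            dynamic = any(not isinstance(a, ast.Constant) for a in node.args)
            findings.append(("dangerous_call", node.lineno, node.col_offset,
                             node.end_col_offset,
                             f"{node.func.id}({'dynamic' if dynamic else 'constant'})"))
    return findings


def remediate(source: str, findings: list, namer=None) -> tuple:
    """Swap each secret literal for os.getenv(NAME); return (new_source, env_lines)."""
    namer = namer or (lambda: "SECRET_" + secrets.token_hex(3).upper())
    lines = source.splitlines(keepends=True)
    env_lines = []
    found = [f for f in findings if f[0] in SECRET_KINDS]
    # Patch from the bottom up so earlier line/column offsets stay valid.
    for _kind, lineno, col, end_col, value in sorted(found, key=lambda f: (f[1], f[2]),
                                                      reverse=True):
        name = namer()
        line = lines[lineno - 1]
        # col offsets are UTF-8 byte offsets; they equal str indexes on ASCII lines.
        lines[lineno - 1] = line[:col] + f"os.getenv('{name}')" + line[end_col:]
        env_lines.append(f"{name}={value}")
    new_source = "".join(lines)
    if found and not re.search(r"^\s*import os\b", new_source, re.M):
        new_source = "import os\n" + new_source
    return new_source, env_lines[::-1]


# Constructed sample input: the AWS key is the README's dummy value, the
# GitHub-style token is made up, the third string is long but low-entropy.
SAMPLE = (
    'aws_key = "AKIA1234567890ABCDEF"\n'
    'gh_token = "ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6"\n'
    'banner = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"\n'
    'result = eval(user_input)\n'
)

if __name__ == "__main__":
    found = scan_source(SAMPLE)
    for kind, lineno, _c, _e, detail in found:
        shown = detail if kind == "dangerous_call" else mask(detail)
        print(f"line {lineno}: {kind} {shown}")
    new_src, env = remediate(SAMPLE, found)
    print(new_src)
    print("\n".join(e.split("=", 1)[0] + "=***" for e in env))  # masked here too
```

Two details matter for a real tool. Rewriting bottom-up keeps the column offsets from the first pass valid, so no second parse is needed; and the entropy check alone is not enough, since English prose sits near 4 bits per character, which is why the example refuses literals containing spaces and why a production scanner combines entropy with provider-specific prefixes such as `AKIA`.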
CodeSentinel/
├── main.py # Entry point (GUI or CLI)
├── requirements.txt # Dependencies
├── locales/
│ ├── en.json # English strings
│ └── tr.json # Turkish strings
└── codesentinel/
├── scanner.py # AST-based scan engine (O(N))
├── remediator.py # Auto-fix engine (.env writer)
├── i18n.py # Bilingual string manager
├── cli.py # Command-line interface
└── gui.py # CustomTkinter GUI
- Zero Trust — Never assume input is safe. Every string is a potential attack vector.
- Zero Raw Secret Logging — All secrets are masked (`sk-***xyz`) before any output.
- No External Network Calls — CodeSentinel works 100% offline.
- Standard Library First — Core engine uses only `ast`, `re`, `json`, `os` to minimize supply-chain risk.
All output messages, GUI labels and error notifications are fully localized.

```bash
python main.py app.py --lang tr   # Turkish output
python main.py app.py --lang en   # English output (default)
```

In GUI mode, switch languages instantly with the TR / EN toggle in the sidebar.
Contributions are welcome! Here's how:
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-detector`
- Commit your changes: `git commit -m 'Add: new secret pattern detection'`
- Push to the branch: `git push origin feature/new-detector`
- Open a Pull Request

Adding new detection rules? Add your regex pattern to `codesentinel/scanner.py` and add the corresponding locale strings to both `locales/en.json` and `locales/tr.json`.
This project is licensed under the MIT License — see the LICENSE file for details.
Made with ❤️ for developers who care about security.
If CodeSentinel saved you from an embarrassing leak, consider giving it a ⭐