Precaution provides simple, automated code reviews for GitHub projects by running code linters with a security focus on all pull requests.
GitHub integration is made through the GitHub app interface and the checks API (beta), which allows results to be presented directly as inline annotations instead of a pass/fail status report.
Precaution currently supports analysis of:
- Go files via Gosec
- JavaScript and TypeScript via TSLint and tslint-config-security
- Python files via Bandit
New languages may be added in future, please file an issue for your language/linter of choice.
- Documentation: SecurityApps/precaution/docs
- Source: SecurityApps/precaution
- Bugs: SecurityApps/precaution/issues
-
You can install Precaution from here: https://github.com/apps/precaution
-
Then choose the profile you want to connect Precaution with.
-
Next you have to choose which repositories you want to enable Precaution on.
-
Review and accept the permissions for the GitHub app. These are the minimal permissions required to read the pull request contents and communicate with the checks API.
-
Done! Now Precaution is installed on your repositories.
The Precaution project team welcomes contributions from the community. For more detailed information, refer to CONTRIBUTING.md.
BSD-2 License