🛡️ DOSE Scanner
Dangerous Operations Security Enforcer
DOSE is a lightweight, high-performance, bash-based security scanning tool designed to catch dangerous code patterns, secrets, and vulnerabilities before they ever reach your repository.
🎯 Why DOSE?
In modern development, security shouldn’t be an afterthought. DOSE provides a “Fail Fast” mechanism that integrates directly into your developer workflow.
- ⚡ High Performance: Parallel scanning using all available CPU cores.
- 🛠️ Zero Dependencies: Nothing to install. DOSE is built entirely on Bash and Perl, which ship with almost every Unix and macOS system.
- 🔍 Precision Patterns: Carefully tuned regex patterns with word boundaries to minimize false positives.
- 🧩 Modular: Easily extendable with custom security modules.
🚀 At a Glance
Running a scan is as simple as:
It will scan your staged files and block the commit if it finds critical security issues.
⚖️ Security Philosophy
- Block the Bad: Critical issues (like hardcoded keys or eval calls) result in an exit 1, preventing the commit.
- Warn the Risky: Suspicious patterns (like TODO comments that mention secrets, or path traversal fragments) result in a warning but allow the commit to proceed.
- No Noise: We aim for a Zero Noise Policy—only patterns that represent actual risks are included by default.
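The block-or-warn policy above, together with the parallel scan and the word-boundary patterns described under "Why DOSE?", fits in a small Bash script. The following is an added example written for this page, not DOSE's own code: the pattern sets, the file names and the sample file contents are assumptions made for the demonstration, and the sample files are constructed inline so the script runs offline.

```bash
#!/usr/bin/env bash
# Added example (not DOSE's own code): a block-or-warn pre-commit scanner.
# Pattern lists, file names and sample contents are assumptions made for the example.
set -u

# Critical patterns: one hit blocks the commit. Word boundaries are written as
# POSIX ERE classes so GNU and BSD grep agree ("evaluate(" must not trip "eval(").
CRITICAL_PATTERNS='AKIA[0-9A-Z]{16}
-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----
(^|[^A-Za-z0-9_])eval[[:space:]]*\('

# Warning patterns: reported, but the commit is allowed to proceed.
WARNING_PATTERNS='(^|[^A-Za-z0-9_])TODO([^A-Za-z0-9_]|$).*(secret|password|token)
\.\./'

# grep_set LEVEL PATTERNS FILE: print "LEVEL:FILE:LINE:TEXT" for every hit.
grep_set() {
  local level=$1 patterns=$2 file=$3 p
  printf '%s\n' "$patterns" | while IFS= read -r p; do
    grep -nE -- "$p" "$file" | sed "s|^|$level:$file:|"
  done
}

# scan_file FILE: all findings for one file, critical ones first.
scan_file() {
  grep_set CRITICAL "$CRITICAL_PATTERNS" "$1"
  grep_set WARNING  "$WARNING_PATTERNS"  "$1"
}

# scan_files FILE...: scan files in parallel (batches sized by the CPU count), print
# the report, then apply the policy: return 1 on any CRITICAL hit, 0 otherwise.
scan_files() {
  local ncpu tmp i=0 f report
  ncpu=$(nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 1)
  tmp=$(mktemp -d)
  for f in "$@"; do
    scan_file "$f" > "$tmp/$i.out" &        # each file gets its own worker
    i=$((i + 1))
    [ $((i % ncpu)) -eq 0 ] && wait        # cap concurrency at the core count
  done
  wait
  report=$(cat "$tmp"/*.out 2>/dev/null || true)
  rm -rf "$tmp"
  [ -n "$report" ] && printf '%s\n' "$report"
  if printf '%s\n' "$report" | grep -q '^CRITICAL:'; then
    echo "DOSE: commit blocked, critical findings above" >&2
    return 1
  fi
  return 0
}

# make_samples: constructed input files for the demonstration; prints the directory.
make_samples() {
  local d
  d=$(mktemp -d)
  printf 'result = evaluate(x)\nprint("ok")\n' > "$d/clean.py"          # no hit: evaluate( is not eval(
  printf 'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n' > "$d/secrets.env"  # critical: the AWS docs' example key id
  printf '// TODO: move the password out of here\nconst cfg = require("../../etc/config");\n' > "$d/risky.js"  # two warnings
  printf '%s\n' "$d"
}

# With no arguments, demonstrate on the constructed samples; otherwise scan the given
# files (a pre-commit hook would pass: git diff --cached --name-only --diff-filter=ACM).
if [ $# -eq 0 ]; then
  d=$(make_samples)
  if scan_files "$d"/clean.py "$d"/risky.js "$d"/secrets.env; then
    echo "verdict: allowed (clean or warnings only)"
  else
    echo "verdict: blocked"
  fi
  rm -rf "$d"
else
  scan_files "$@"
fi
```

Two caveats when wiring this into a real hook: the working tree can differ from the index, so scan the staged blob (git show ":$f") rather than the checked-out file, and read the staged file list NUL-separated (git diff -z) so paths with spaces survive. Note also that warnings leave the exit status at 0, so anything that gates only on the exit code never sees them; keep the report in the build log.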