Question 1

How do I set up dodgy as a pre-commit hook?

Accepted Answer

Install dodgy via pip, then configure it in your Git pre-commit hook script. The README recommends this to automatically block commits with suspicious patterns, ensuring early detection.

Question 2

Dodgy vs Bandit: which is better for Python security?

Accepted Answer

Dodgy is lighter and focuses on regex-based detection of secrets and diff checkins, ideal for pre-commit hooks. Bandit offers broader static analysis for various security issues, making it better for comprehensive audits.

Question 3

What types of secrets does dodgy actually find?

Accepted Answer

Dodgy detects hardcoded passwords, API keys, and similar credentials using regex patterns, as well as accidental SCM diff inclusions. It's designed for obvious patterns but may miss nuanced cases.

Question 4

Can I ignore certain files or patterns with dodgy?

Accepted Answer

Currently, dodgy lacks advanced configuration options, so ignoring specific files or patterns requires modifying the source code or workarounds, as noted in the README's caveats.

Question 5

Is dodgy good for large enterprise codebases?

Accepted Answer

It's best for smaller or open-source projects due to its simplicity; for large enterprises, more robust tools with detailed reporting and compliance features might be necessary.

Dodgy

What is Dodgy?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions