Review your Python or Go codebase against the relevant SecGuide checklist to find and fix common vulnerabilities.
Use the guides as a basis for writing automated security scanning rules in your CI pipeline.
Onboard new team members by giving them the language-specific guide as a secure coding reference before code review.
| tencent/secguide | microsoft/lora | cookiecutter/cookiecutter-django | |
|---|---|---|---|
| Stars | 13,517 | 13,517 | 13,512 |
| Language | — | Python | Python |
| Setup difficulty | easy | moderate | moderate |
| Complexity | 1/5 | 4/5 | 3/5 |
| Audience | developer | researcher | developer |
Figures from each repo's GitHub metadata at analysis time.
This repository is a code security guide published by Tencent. It is written in Chinese and aimed at software developers who want practical guidance on writing code that avoids common security vulnerabilities. The goal is to describe risks at the level of individual programming APIs and functions, and then provide clear, workable solutions for each risk. The guide covers six programming languages: C and C++, JavaScript, Node.js, Go, Java, and Python. Each language has its own document that walks through security concerns relevant to that language. The approach is rooted in DevSecOps, a way of thinking that treats security as something developers address from the start rather than something that security specialists review later. The guides are intended for everyday reference by developers, as a basis for writing automated security scanning rules, and as reference material when fixing known vulnerabilities. The content is shared under a Creative Commons license, and community contributions and corrections are welcome.
Tencent's SecGuide gives developers a practical, language-by-language checklist for avoiding common security bugs in C/C++, JavaScript, Node.js, Go, Java, and Python.
Shared under a Creative Commons license, community contributions and corrections are welcome.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.