🗂️ Day 5: Managing My Audit Projects with GitHub

Excel

After getting hands-on with Semgrep yesterday, today was all about setting up a clean system to manage my security audit projects — and what better tool for that than Git and GitHub?

Here’s a quick recap of what I did:


✅ Setting Up Git Locally

First, I made sure Git was installed on my machine:

git --version

If it wasn’t installed, I would have set it up via:

sudo apt install git         # for Ubuntu/Debian
brew install git             # for Mac
choco install git            # for Windows (using Chocolatey)

Then, I configured my identity:

git config --global user.name "Your Name"
git config --global user.email "you@example.com"

📁 Creating My GitHub Repository

I created a new repository on GitHub called:

audit-projects

Inside it, I plan to organize:

  • My Semgrep custom rules

  • Findings and reports

  • Remediation plans

  • Scripts and tooling for future audits

After creating the repo, I linked it to my local machine:

git init
git remote add origin https://github.com/yourusername/audit-projects.git

🛠️ Basic CLI Workflow

I practiced the full Git workflow using the terminal:

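# Create or modify files, then stage everything in the working tree
git add .
git commit -m "Initial commit: added Semgrep rules and first findings"
# Name the local branch main so the push target below exists
git branch -M main
# Push and set origin/main as the upstream for future pushes
git push -u origin main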

Every time I update my rules or findings, I’ll simply repeat:

git add .
git commit -m "Update: added new XSS detection rule"
git push

🗂️ Organizing the Repo

My folder structure looks like this for now:

sourcecode-audit-projects/
├── semgrep-rules/
│   ├── js-hardcoded-password.yaml
│   └── html-inline-js.yaml
├── findings/
│   ├── vulnerable-app-report.md
│   └── web-app-xss-findings.md
└── README.md

Keeping things organized will help me track the progress of different audits, especially when working across multiple projects.
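An added example, not part of the original post: because `git add .` stages everything in the working tree, this helper lists staged paths that fall outside the folder layout shown above, so stray files are noticed before `git commit`. The function names and the allowed patterns are assumptions derived from that layout.

```shell
#!/bin/sh
# Added example: flag staged files that fall outside the repo layout above.
# Allowed paths (assumed from the post's tree): README.md at the top level,
# *.yaml files under semgrep-rules/ and *.md files under findings/.

# Read one path per line on stdin; print every path that does not fit.
unexpected_paths() {
    while IFS= read -r path; do
        case "$path" in
            "") ;;                      # ignore blank lines
            README.md) ;;
            semgrep-rules/*.yaml) ;;
            findings/*.md) ;;
            *) printf '%s\n' "$path" ;; # anything else is reported
        esac
    done
}

# Run inside the repository after `git add .` and before `git commit`.
# Returns 0 when everything staged fits the layout, 1 otherwise.
check_staged() {
    extra=$(git diff --cached --name-only | unexpected_paths)
    if [ -n "$extra" ]; then
        echo "Staged files outside the expected layout:" >&2
        printf '%s\n' "$extra" >&2
        return 1
    fi
    return 0
}
```

Source the file and run `check_staged` between `git add .` and `git commit`; a non-zero return means something unexpected is staged and can be removed with `git restore --staged <path>`.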


🔥 Key Takeaways

  • GitHub isn’t just for developers; it’s great for security projects too.

  • Version-controlling audit findings makes collaboration and remediation much easier.

  • Using the Git CLI keeps things fast, simple, and professional.
