gitmyhub

secguide

★ 13k · updated 3y ago

A code security guide compiled for developers

Tencent's SecGuide gives developers a practical, language-by-language checklist for avoiding common security bugs in C/C++, JavaScript, Node.js, Go, Java, and Python.

C · C++ · JavaScript · Node.js · Go · Java · Python · setup: easy · complexity 1/5

This repository is a code security guide published by Tencent. It is written in Chinese and aimed at software developers who want practical guidance on writing code that avoids common security vulnerabilities. The goal is to describe risks at the level of individual programming APIs and functions, and then provide clear, workable solutions for each risk.

The guide covers six programming languages: C and C++, JavaScript, Node.js, Go, Java, and Python. Each language has its own document that walks through security concerns relevant to that language. The approach is rooted in DevSecOps, a way of thinking that treats security as something developers address from the start rather than something that security specialists review later.

The guides are intended for everyday reference by developers, as a basis for writing automated security scanning rules, and as reference material when fixing known vulnerabilities. The content is shared under a Creative Commons license, and community contributions and corrections are welcome.

Where it fits