Add some tests so that the functionality of gss can be tested.

Also, add a CI pipeline using travis to do the following:

• Run pep8 linter as the first check
• Run tests

Also, add the following things in your repo:

• Enable deepsource for code quality checks
• Run security checks using checkmarx (you are a security guy :P )
• enable dependabot

• Remove all hard coding. Things like these - https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L257
• Use url.join() method for this https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L251
• Remove the hard coding - https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L250
• Dont use print. This will work only with python 2. in Python 3, this changes to the print() function. Better would be to use the print functionality in click. It takes care of a lot of cross platform issues while building CLI tools. https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L241
• Remove dead code - https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L120

Function names

Function names are supposed to be verbs and not nouns. Counsider this for example - https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L102

user_repo is not a good function name because it is a noun. From what I understand, a better name for this would be get_user_repo_list

Exception Handling

Printing exceptions is not really much of exception handling. See this - https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L97. What do you want to do if this error comes? Just continue? Why not fail?

Also, it is important to treat the stdin stream for what it is meant for. The stdin stream must be used to print only things that are not errors because it makes it hard to pipe the response to another command for further processing. The right way to print this to the console would be to print it to stderr. Use click to do this.

Global Variables

Dont use global variables unless you really have to. https://github.com/logicbomb-1/github-secret-scan/blob/master/gss.py#L29

Firstly, prefer using click. It is cross platform and is generally a much better library to use than argparse.

Also, add support for the following options:

• --help for the CLI. Click has support for this.
• --username - so that a user can be scanned
• --repo - what about scanning only one repo? It is possible that someone wants to scan only one or more of their repos. It should be possible to do that.

Read more about packaging here: https://packaging.python.org/

As a result, I would like to be able to use this tool by doing so:

pip install gss

Make it more specific because there are other services that also use the term access token. Call it something like gh_access_token.

Also, environment variables are better when they are in all caps. That's the general convention. So call it something like GH_ACCESS_TOKEN