git_security_audit: Security audit for Framework projects
In framework: Structured Data Science Project Scaffolding

git_security_audit

R Documentation

Security audit for Framework projects

Description

Performs a comprehensive security audit of data files in Framework projects, checking for unignored data files, git history leaks, and orphaned data files outside configured directories.

Usage

git_security_audit(
  config_file = NULL,
  check_git_history = TRUE,
  history_depth = "all",
  auto_fix = FALSE,
  verbose = TRUE,
  extensions = c("csv", "rds", "tsv", "txt", "dat", "xlsx", "xls", "sqlite", "db", "dta",
    "sav", "zsav", "por", "sas7bdat", "sas7bcat", "xpt", "parquet", "feather", "arrow",
    "json", "xml", "h5", "hdf5")
)

Arguments

`config_file`	Path to configuration file (default: auto-detect settings.yml/settings.yml)
`check_git_history`	Logical; if TRUE (default), check git history for leaked data files
`history_depth`	Character or numeric. "all" for full history, "shallow" for recent 100 commits, or numeric for specific commit count (default: "all")
`auto_fix`	Logical; if TRUE, automatically update .gitignore (default: FALSE)
`verbose`	Logical; if TRUE (default), show progress messages
`extensions`	Character vector of data file extensions to detect (default: common data formats)

Details

The security audit performs the following checks:

gitignore_coverage: Verifies all private data files are in .gitignore
git_history: Scans git history for accidentally committed data files
orphaned_files: Finds data files outside configured directories
private_data_exposure: Checks if private data is tracked by git

Status levels:

pass: No issues found
warning: Potential issues that should be reviewed
fail: Critical security issues requiring immediate action

Value

A structured list containing:

summary: Data frame with check names, status (pass/warning/fail), and counts
findings: List of data frames with detailed findings for each check
recommendations: Character vector of actionable recommendations
audit_metadata: List with audit timestamp, Framework version, and config info

Examples


if (FALSE) {
# Basic audit (report only)
audit <- git_security_audit()
print(audit$summary)
View(audit$findings$orphaned_files)

# Quick scan without git history
audit <- git_security_audit(check_git_history = FALSE)

# Verbose with limited git history
audit <- git_security_audit(history_depth = 100, verbose = TRUE)

# Auto-fix mode (updates .gitignore)
audit <- git_security_audit(auto_fix = TRUE)
}

framework documentation built on Feb. 18, 2026, 1:07 a.m.