explaingit

tencent/secguide

13,517
Audience · developer
Complexity · 1/5
Setup · easy

TLDR

Tencent's SecGuide gives developers a practical, language-by-language checklist for avoiding common security bugs in C/C++, JavaScript, Node.js, Go, Java, and Python.

Mindmap

mindmap
  root((repo))
    What it does
      Secure coding guide
      Per-language checklists
      API-level risks
    Languages covered
      C and C++
      JavaScript Node.js
      Go Java Python
    Intended uses
      Developer reference
      Scanning rule basis
      Bug fix guidance
    Approach
      DevSecOps mindset
      Practical solutions
      Community maintained


Things people build with this

USE CASE 1

Review your Python or Go codebase against the relevant SecGuide checklist to find and fix common vulnerabilities.

USE CASE 2

Use the guides as a basis for writing automated security scanning rules in your CI pipeline.

USE CASE 3

Onboard new team members by giving them the language-specific guide as a secure coding reference before code review.

Tech stack

C · C++ · JavaScript · Node.js · Go · Java · Python

Getting it running

Difficulty · easy
Time to first run · 5min
Shared under a Creative Commons license, community contributions and corrections are welcome.

In plain English

This repository is a code security guide published by Tencent. It is written in Chinese and aimed at software developers who want practical guidance on writing code that avoids common security vulnerabilities. The goal is to describe risks at the level of individual programming APIs and functions, and then provide clear, workable solutions for each risk. The guide covers six programming languages: C and C++, JavaScript, Node.js, Go, Java, and Python. Each language has its own document that walks through security concerns relevant to that language. The approach is rooted in DevSecOps, a way of thinking that treats security as something developers address from the start rather than something that security specialists review later. The guides are intended for everyday reference by developers, as a basis for writing automated security scanning rules, and as reference material when fixing known vulnerabilities. The content is shared under a Creative Commons license, and community contributions and corrections are welcome.

Copy-paste prompts

Prompt 1
Based on Tencent SecGuide, what are the most critical security pitfalls to avoid when writing Node.js REST APIs?
Prompt 2
Show me the Go-specific security rules from SecGuide and how to replace unsafe standard library calls.
Prompt 3
Help me build a pull request review checklist from SecGuide's Java security guide for my team.
Prompt 4
Which Python functions does SecGuide flag as dangerous, and what are the recommended safe alternatives?