git404hub

what is secguide fr?

tencent/secguide — explained in plain English

Analysis updated 2026-06-24

13,517Audience · developerComplexity · 1/5Setup · easy

tl;dr

Tencent's SecGuide gives developers a practical, language-by-language checklist for avoiding common security bugs in C/C++, JavaScript, Node.js, Go, Java, and Python.

vibe map

mindmap
  root((repo))
    What it does
      Secure coding guide
      Per-language checklists
      API-level risks
    Languages covered
      C and C++
      JavaScript Node.js
      Go Java Python
    Intended uses
      Developer reference
      Scanning rule basis
      Bug fix guidance
    Approach
      DevSecOps mindset
      Practical solutions
      Community maintained

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Review your Python or Go codebase against the relevant SecGuide checklist to find and fix common vulnerabilities.

VIBE 2

Use the guides as a basis for writing automated security scanning rules in your CI pipeline.

VIBE 3

Onboard new team members by giving them the language-specific guide as a secure coding reference before code review.

what's the stack?

CC++JavaScriptNode.jsGoJavaPython

how it stacks up fr

tencent/secguidemicrosoft/loracookiecutter/cookiecutter-django
Stars13,51713,51713,512
LanguagePythonPython
Setup difficultyeasymoderatemoderate
Complexity1/54/53/5
Audiencedeveloperresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min
Shared under a Creative Commons license, community contributions and corrections are welcome.

in plain english

This repository is a code security guide published by Tencent. It is written in Chinese and aimed at software developers who want practical guidance on writing code that avoids common security vulnerabilities. The goal is to describe risks at the level of individual programming APIs and functions, and then provide clear, workable solutions for each risk. The guide covers six programming languages: C and C++, JavaScript, Node.js, Go, Java, and Python. Each language has its own document that walks through security concerns relevant to that language. The approach is rooted in DevSecOps, a way of thinking that treats security as something developers address from the start rather than something that security specialists review later. The guides are intended for everyday reference by developers, as a basis for writing automated security scanning rules, and as reference material when fixing known vulnerabilities. The content is shared under a Creative Commons license, and community contributions and corrections are welcome.

prompts (copy fr)

prompt 1
Based on Tencent SecGuide, what are the most critical security pitfalls to avoid when writing Node.js REST APIs?
prompt 2
Show me the Go-specific security rules from SecGuide and how to replace unsafe standard library calls.
prompt 3
Help me build a pull request review checklist from SecGuide's Java security guide for my team.
prompt 4
Which Python functions does SecGuide flag as dangerous, and what are the recommended safe alternatives?

Frequently asked questions

what is secguide fr?

Tencent's SecGuide gives developers a practical, language-by-language checklist for avoiding common security bugs in C/C++, JavaScript, Node.js, Go, Java, and Python.

What license does secguide use?

Shared under a Creative Commons license, community contributions and corrections are welcome.

How hard is secguide to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is secguide for?

Mainly developer.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.