GitGoat
GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment. (by arnica-ext)
smee.io
Webhook payload delivery service (by probot)
| | GitGoat | smee.io |
|---|---|---|
| Mentions | 9 | 1 |
| Stars | 162 | 304 |
| Growth | -0.6% | 3.6% |
| Activity | 0.0 | 0.0 |
| | 4 months ago | 21 days ago |
| Language | Python | JavaScript |
| License | MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GitGoat
Posts with mentions or reviews of GitGoat.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-21.
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
Doron Guttman and Roei Ben-Harush @ [arnica], April 2023
- GitGoat v2 is released - fake commits with real vulnerable code
- GitGoat v2 is released: multiple vulnerable projects with amended commit history
- Show HN: GitGoat v2 is released - fake commits with real vulnerable code
-
Personal + Work accounts or one account for both?
The downside is that developers can choose to avoid using one of the controls above, such as enabling MFA. In that case, the developers will likely prefer to create a new account and then use `git config user.email [personal_email]` to add the stats to their accounts. It will require the company to work harder on mapping the author (from the git config) to the pusher of the code (arnica.io correlates this data in the GitHub user inventory, so it is possible to solve with some engineering work).
-
Try to take permissions from devs…
This meme was created by arnica.io, which solves it. The nice thing about it is that the continuous analysis of excessive permissions is free forever for unlimited users.
-
Tell HN: GitHub Apps bug created tokens with elevated privileges
You can assess all GitHub app permissions on https://arnica.io. The excessive permissions are presented at the end of the data ingestion process. This is part of the freemium.
- GitGoat - deliberately misconfigured GitHub org
-
GitGoat - deliberately misconfigured GitHub organization
Pretty cool way to generate dummy data on GitHub, such as invite members, add them to Teams, commit code and secrets, raise & review PRs, and configure different branch protection policies (such as CODEOWNERS). Link: https://github.com/arnica-ext/GitGoat
smee.io
Posts with mentions or reviews of smee.io.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-21.
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
My recommended starting point is to fork/clone the smee.io repo and get it working. And by working, I don't mean deploying it, but being able to build and run it locally to a point where you can place a break point in the code and have it pause there. This is necessary in order to customize any code. I actually had some issues doing that with the main branch as it was in commit 3a01759.
What are some alternatives?
When comparing GitGoat and smee.io you can also consider the following projects:
WebGoat - WebGoat is a deliberately insecure application
smee-client - Receives payloads then sends them to your local server
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
sish - HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.
probot - A framework for building GitHub Apps to automate and improve your workflow
git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
node-config - Node.js Application Configuration
requests-async - async-await support for `requests`.