WALKOFF
github-leak-audit
Our great sponsors
| WALKOFF | github-leak-audit | |
|---|---|---|
| 1 | 1 | |
| 1,157 | 8 | |
| - | - | |
| 0.0 | 0.0 | |
| over 1 year ago | 11 months ago | |
| Python | Python | |
| GNU General Public License v3.0 or later | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
WALKOFF
-
Current college student here. What is it like to work for defense contractors?
As for quirks, the biggest quirk is that you usually need to get a security clearance, and that means no drugs. As far as the tech goes, depends on what company you're working for and what government product they produce. If it's software for an otherwise physical product like a missile or an AGV, then it's probably gonna be some old stable language like C, with something like Java being used on the server side to talk to the machine. Meanwhile, there's definitely Python work sprinkled all throughout everything, and there's certainly parts of the government working on Docker or Kubernetes stuff. Like here's a completely unclassified government project that I've contributed to. It uses Docker and Yaml to automate tasks.
github-leak-audit
-
Thinking Like a Hacker: Finding Source Code Leaks on GitHub
One is an app I developed to be published alongside this blog post: https://github.com/lawndoc/github-leak-audit. The app uses GitHub’s API to monitor all your GitHub organization members’ personal public repos for potential leaks. It is specifically targeted for the accidental leak scenario described in this blog post. It will detect previously unknown code and new repos. To set it up in your organization, you’ll need to fork the repo under your organization’s ownership, set up a GitHub app or PAT secret for it, and enable the GitHub Actions workflow. Detailed instructions are in the README.
What are some alternatives?
Shuffle - Shuffle: A general purpose security automation platform. Our focus is on collaboration and resource sharing.
cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
infinitic - Infinitic is a scalable workflow engine for distributed services. It shines particularly by making complex orchestration simple. It can be used to reliably orchestrate microservices, manage distributed transactions, operates data pipelines, builds user-facing automation, etc.
apicheck - The DevSecOps toolset for REST APIs
cadence-python - Python framework for Cadence Workflow Service
goose - A robot for mapping github events into actionable HTTP payloads
maasta - MAAS Terraform Ansible
dockerfile-security - Static security checker for Dockerfiles
ssh-script-dashboard - An interface for executing scripts locally, or remotely over SSH
git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
NMapGUI - Advanced Graphical User Interface for NMap
faraday - Open Source Vulnerability Management Platform