deadshot
git-alerts
deadshot | git-alerts | |
---|---|---|
2 | 11 | |
188 | 190 | |
0.0% | 0.5% | |
0.0 | 5.4 | |
15 days ago | 6 days ago | |
Python | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
deadshot
- Deadshot is a Pull Request scanner that looks for the introduction of secrets via PRs by matching each diff line against a set of known secret expressions.
-
Deadshot: Keep Sensitive Data Out of Code
Code is no place for credentials, secrets, SQL statements, or any kind of sensitive data. But everyone makes mistakes, and it's important to be able to catch human errors before they create real problems. It is impossible to manually monitor any organization's entire code base hoping to catch sensitive changes before they escape to live forever on Github. This is a problem every security team faces when dealing with product code. The Product Security team at Twilio needed an automated way to ensure that developers weren't accidentally adding sensitive data to code repositories and to flag sensitive changes for a security review. We knew we couldn't monitor all code manually. Our solution: an automated way to monitor GitHub repositories in real-time, catching any sensitive data at the pull request stage, flagging issues as well as changes to sensitive functionality for a manual review. Thus was born Deadshot – which we're happy to be releasing as open source today.
git-alerts
- GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
- GitHub - boringtools/git-alerts: A Public Git repository
- GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
- A Public Git repository and misconfiguration detection tool
- boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
- Monitor your users Public GitHub Repositories
- A Public Git repository & misconfiguration detection tool
What are some alternatives?
leaky-repo - Benchmarking repo for secrets scanning
secrets-patterns-db - Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
tartufo - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
whispers - Identify hardcoded secrets in static structured text
GitGoat - GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
git-pull-request - Send git pull requests via command line
github-leak-audit - A GitHub workflow to identify employees that have leaked your organization's code
gitleaks - Protect and discover secrets using Gitleaks 🔑
gh-action-pypi-publish - The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI: https://github.com/marketplace/actions/pypi-publish
ssh-crypt - This tool helps you to keep passwords inside your shell scripts safely