github-leak-audit
git-alerts
github-leak-audit | git-alerts | |
---|---|---|
1 | 11 | |
9 | 190 | |
- | 0.5% | |
0.0 | 5.4 | |
12 months ago | 20 days ago | |
Python | Go | |
GNU Affero General Public License v3.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
github-leak-audit
-
Thinking Like a Hacker: Finding Source Code Leaks on GitHub
One is an app I developed to be published alongside this blog post: https://github.com/lawndoc/github-leak-audit. The app uses GitHub’s API to monitor all your GitHub organization members’ personal public repos for potential leaks. It is specifically targeted for the accidental leak scenario described in this blog post. It will detect previously unknown code and new repos. To set it up in your organization, you’ll need to fork the repo under your organization’s ownership, set up a GitHub app or PAT secret for it, and enable the GitHub Actions workflow. Detailed instructions are in the README.
git-alerts
- GitHub - boringtools/git-alerts: Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
- GitHub - boringtools/git-alerts: A Public Git repository
- GitHub - boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
- A Public Git repository and misconfiguration detection tool
- boringtools/git-alerts: A Public Git repository & misconfiguration detection tool
- Monitor your users Public GitHub Repositories
- A Public Git repository & misconfiguration detection tool
What are some alternatives?
cicd-goat - A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
deadshot - Deadshot is a Github pull request scanner to identify sensitive data being committed to a repository
WALKOFF - A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber
secrets-patterns-db - Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more.
apicheck - The DevSecOps toolset for REST APIs
leaky-repo - Benchmarking repo for secrets scanning
goose - A robot for mapping github events into actionable HTTP payloads
GitGoat - GitGoat is an open source tool that was built to enable DevOps and Engineering teams to design and implement a sustainable misconfiguration prevention strategy. It can be used to test products with access to GitHub repositories without a risk to your production environment.
dockerfile-security - Static security checker for Dockerfiles
gh-action-pypi-publish - The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI: https://github.com/marketplace/actions/pypi-publish
faraday - Open Source Vulnerability Management Platform
whispers - Identify hardcoded secrets in static structured text