gitleaks
jaeger
Our great sponsors
gitleaks | jaeger | |
---|---|---|
35 | 94 | |
15,197 | 19,338 | |
2.6% | 1.1% | |
8.2 | 9.7 | |
3 days ago | 7 days ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gitleaks
-
How to use Lefthooks in your node project?
install gitleaks in your machine gitleaks
-
I Analyzed StackOverflow for Secrets
> gitleaks : fatal error: runtime: out of memory
Should be fixed now: https://github.com/gitleaks/gitleaks/pull/1292. Thanks for highlighting this simple change I've been putting off :)
-
[Help Needed] Securing Customized Gitleaks and Backend Communication?
I work in IT and we're enhancing our 'Shift Left Security' approach to prevent sensitive data leaks in our GitHub repositories. We've customized Gitleaks to send git-related information (like remote repository, author details, commit hash etc.) to our backend after each commit. This setup helps us monitor Gitleaks usage among our developers. (gitleaks)
-
Go Security Scanner
Cool. What features/capabilities are different compared to gitleaks?
-
My boss keeps committing his creds into git
To add my anecdote, testing out Trufflehog versus Gitleaks and detect-secrets the other tools seemed superior on detection rate and easier to work with.
-
Tools for very basic security audits
Some tools to consider: Gitleaks - open-source secret scanner for git repositories, files, and directories. Retire.js - dependency check tool for client JS code. Censys - It’s a search engine that you can use, for example, to scan any IP address and check open ports, software versions, location of the servers, etc. If you want to check more tools, you can download this free ebook with a list of recommended security tools: https://brightinventions.pl/blog/app-security-free-ebook/ The listed tools are free or offer free trials.
-
About secret scanning
bonuses: - https://github.com/trufflesecurity/trufflehog - https://github.com/gitleaks/gitleaks
-
Someone has access to my private repos = I lost 140k
I GET IT I need to follow best practice and not upload any sensitive information, even if its a private repo. But through my 10 yeras of coding it happened twice. However these keys only lived in 2 areas: my laptop and GITHUB. My laptop is pretty secured, and the timing of the above events just make me really think someone internally at Github is running https://github.com/gitleaks/gitleaks on private repos he / she has access to.
-
any open source that checks security vulnerabilities in code?
Maybe https://github.com/gitleaks/gitleaks is what you are looking for
-
Securing the software supply chain in the cloud
Gitleaks
jaeger
-
Observability with OpenTelemetry, Jaeger and Rails
Jaeger maps the flow of requests and data as they traverse a distributed system. These requests may make calls to multiple services, which may introduce their own delays or errors. https://www.jaegertracing.io/
-
Show HN: An open source performance monitoring tool
As engineers at past startups, we often had to debug slow queries, poor load times, inconsistent errors, etc... While tools like Jaegar [2] helped us inspect server-side performance, we had no way to tie user events to the traces we were inspecting. In other words, although we had an idea of what API route was slow, there wasn’t much visibility into the actual bottleneck.
This is where our performance product comes in: we’re rethinking a tracing/performance tool that focuses on bridging the gap between the client and server.
What’s unique about our approach is that we lean heavily into creating traces from the frontend. For example, if you’re using our Next.js SDK, we automatically connect browser HTTP requests with server-side code execution, all from the perspective of a user. We find this much more powerful because you can understand what part of your frontend codebase causes a given trace to occur. There’s an example here [3].
From an instrumentation perspective, we’ve built our SDKs on-top of OTel, so you can create custom spans to expand highlight-created traces in server routes that will transparently roll up into the flame graph you see in our UI. You can also send us raw OTel traces and manually set up the client-server connection if you want. [4] Here’s an example of what a trace looks like with a database integration using our Golang GORM SDK, triggered by a frontend GraphQL query [5] [6].
In terms of how it's built, we continue to rely heavily on ClickHouse as our time-series storage engine. Given that traces require that we also query based on an ID for specific groups of spans (more akin to an OLTP db), we’ve leveraged the power of CH materialized views to make these operations efficient (described here [7]).
To try it out, you can spin up the project with our self hosted docs [8] or use our cloud offering at app.highlight.io. The entire stack runs in docker via a compose file, including an OpenTelemetry collector for data ingestion. You’ll need to point your SDK to export data to it by setting the relevant OTLP endpoint configuration (ie. environment variable OTEL_EXPORTER_OTLP_LOGS_ENDPOINT [9]).
Overall, we’d really appreciate feedback on what we’re building here. We’re also all ears if anyone has opinions on what they’d like to see in a product like this!
[1] https://github.com/highlight/highlight/blob/main/LICENSE
[2] https://www.jaegertracing.io
[3] https://app.highlight.io/1383/sessions/COu90Th4Qc3PVYTXbx9Xe...
[4] https://www.highlight.io/docs/getting-started/native-opentel...
[5] https://static.highlight.io/assets/docs/gorm.png
[6] https://github.com/highlight/highlight/blob/1fc9487a676409f1...
[7] https://highlight.io/blog/clickhouse-materialized-views
[8] https://www.highlight.io/docs/getting-started/self-host/self...
[9] https://opentelemetry.io/docs/concepts/sdk-configuration/otl...
-
Kubernetes Ingress Visibility
For the request following, something like jeager https://www.jaegertracing.io/, because you are talking more about tracing than necessarily logging. For just monitoring, https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack would be the starting point, then it depends. Nginx gives metrics out of the box, then you can pull in the dashboard like https://grafana.com/grafana/dashboards/14314-kubernetes-nginx-ingress-controller-nextgen-devops-nirvana/ , or full metal with something like service mesh monitoring which would provably fulfil most of the requirements
-
Migrating to OpenTelemetry
Have you checked out Jaeger [1]? It is lightweight enough for a personal project, but featureful enough to really help "turn on the lightbulb" with other engineers to show them the difference between logging/monitoring and tracing.
-
The Road to GraphQL At Enterprise Scale
From the perspective of the realization of GraphQL infrastructure, the interesting direction is "Finding". How to find the problem? How to find the bottleneck of the system? Distributed Tracing System (DTS) will help answer this question. Distributed tracing is a method of observing requests as they propagate through distributed environments. In our scenario, we have dozens of subgraphs, gateway, and transport layer through which the request goes. We have several tools that can be used to detect the whole lifecycle of the request through the system, e.g. Jaeger, Zipkin or solutions that provided DTS as a part of the solution NewRelic.
-
OpenTelemetry Exporters - Types and Configuration Steps
Jaeger is an open-source, distributed tracing system that monitors and troubleshoots the flow of requests through complex, microservices-based applications, providing a comprehensive view of system interactions.
-
Fault Tolerance in Distributed Systems: Strategies and Case Studies
However, ensuring fault tolerance in distributed systems is not at all easy. These systems are complex, with multiple nodes or components working together. A failure in one node can cascade across the system if not addressed timely. Moreover, the inherently distributed nature of these systems can make it challenging to pinpoint the exact location and cause of fault - that is why modern systems rely heavily on distributed tracing solutions pioneered by Google Dapper and widely available now in Jaeger and OpenTracing. But still, understanding and implementing fault tolerance becomes not just about addressing the failure but predicting and mitigating potential risks before they escalate.
-
Observability in Action Part 3: Enhancing Your Codebase with OpenTelemetry
In this article, we'll use HoneyComb.io as our tracing backend. While there are other tools in the market, some of which can be run on your local machine (e.g., Jaeger), I chose HoneyComb because of their complementary tools that offer improved monitoring of the service and insights into its behavior.
-
Building for Failure
The best way to do this, is with the help of tracing tools such as paid tools such as Honeycomb, or your own instance of the open source Jaeger offering, or perhaps Encore's built in tracing system.
-
Distributed Tracing and OpenTelemetry Guide
In this example, I will create 3 Node.js services (shipping, notification, and courier) using Amplication, add traces to all services, and show how to analyze trace data using Jaeger.
What are some alternatives?
trufflehog - Find and verify credentials
Sentry - Developer-first error tracking and performance monitoring
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
skywalking - APM, Application Performance Monitoring System
git-secrets - Prevents you from committing secrets and credentials into git repositories
prometheus - The Prometheus monitoring system and time series database.
pre-commit - A framework for managing and maintaining multi-language pre-commit hooks.
signoz - SigNoz is an open-source observability platform native to OpenTelemetry with logs, traces and metrics in a single application. An open-source alternative to DataDog, NewRelic, etc. 🔥 🖥. 👉 Open source Application Performance Monitoring (APM) & Observability tool
husky - git hooks made easy
Pinpoint - APM, (Application Performance Management) tool for large-scale distributed systems.
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
fluent-bit - Fast and Lightweight Logs and Metrics processor for Linux, BSD, OSX and Windows