| | smee-client | GitGoat |
|---|---|---|
| Mentions | 4 | 9 |
| Stars | 390 | 162 |
| Growth | 2.1% | 0.0% |
| Activity | 7.6 | 0.0 |
| Latest commit | 8 days ago | 4 months ago |
| Language | TypeScript | Python |
| License | ISC License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
smee-client
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
Well, that will require a change in the smee-client as well. So maybe a follow-up?
-
Show HN: Send a GitHub webhook to a private URL
Neat stuff - certainly this problem crops up quite a lot where an internal server needs to get GitHub webhook data.
In the past, I've had good luck using a webhook proxy. I've mostly just used https://smee.io/ which is simple and lightweight although seems to be mostly abandonware at this point. I dockerized it so that it could be used in a Kubernetes cluster, which was very useful for my GitHub Actions build cluster: https://github.com/ethomson/smee-client
There's also Hookdeck, which I haven't used in production, but have played around with, and it seems conceptually the same, but can be made more Enterprisey. Whether that's a bug or a feature is probably up to you.
-
Deploy a GitHub Application to Cloudflare Workers
Using the same probot/smee-client shipped by Probot we divert the webhook URL to one on localhost for the development application, and for the production application we will enter a custom route.
GitGoat
-
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development
Doron Guttman and Roei Ben-Harush @ [arnica], April 2023
- GitGoat v2 is released - fake commits with real vulnerable code
- GitGoat v2 is released: multiple vulnerable projects with amended commit history
- Show HN: GitGoat v2 is released - fake commits with real vulnerable code
-
Personal + Work accounts or one account for both?
The downside is that developers can choose to avoid using one of the controls above, such as enabling MFA. In that case, the developers will likely prefer to create a new account and then use git config user.email [personal_email] to add the stats to their accounts. It will require the company to work harder on mapping the author (from the git config) to the pusher of the code (arnica.io correlates this data in the GitHub user inventory, so it is possible to solve with some engineering work).
-
Try to take permissions from devs…
This meme was created by arnica.io, which solves it. The nice thing about it is that the continuous analysis of excessive permissions is free forever for unlimited users.
-
Tell HN: GitHub Apps bug created tokens with elevated privileges
You can assess all GitHub app permissions on https://arnica.io. The excessive permissions are presented at the end of the data ingestion process. This is part of the freemium.
- GitGoat - deliberately misconfigured GitHub org
-
GitGoat - deliberately misconfigured GitHub organization
Pretty cool way to generate dummy data on GitHub, such as invite members, add them to Teams, commit code and secrets, raise & review PRs, and configure different branch protection policies (such as CODEOWNERS). Link: https://github.com/arnica-ext/GitGoat
What are some alternatives?
ngrok - Expose your localhost to the web. Node wrapper for ngrok.
WebGoat - WebGoat is a deliberately insecure application
probot - A framework for building GitHub Apps to automate and improve your workflow
ggshield - Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
smee.io - Webhook payload delivery service
octokit.js - The all-batteries-included GitHub SDK for Browsers, Node.js, and Deno.
sish - HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.
ziti-sdk-py - Ziti SDK for Python
git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
cloudflare-worker-github-app-example
node-config - Node.js Application Configuration