{"id":17543510,"url":"https://github.com/alixinne/ghsec","last_synced_at":"2026-01-05T04:55:05.476Z","repository":{"id":214116646,"uuid":"735721610","full_name":"alixinne/ghsec","owner":"alixinne","description":"GitHub Security Linter, written in Rust","archived":false,"fork":false,"pushed_at":"2024-09-17T17:56:36.000Z","size":47,"stargazers_count":1,"open_issues_count":4,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-09-19T15:18:17.100Z","etag":null,"topics":["actions","github","rust","security"],"latest_commit_sha":null,"homepage":"https://vtavernier.github.io/ghsec/ghsec/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alixinne.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-26T00:31:33.000Z","updated_at":"2024-07-18T16:21:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"23b3f0bd-31d0-4608-9dd4-686de72c22ea","html_url":"https://github.com/alixinne/ghsec","commit_stats":null,"previous_names":["vtavernier/ghsec","alixinne/ghsec"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alixinne%2Fghsec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alixinne%2Fghsec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alixinne%2Fghsec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alixinne%2Fghsec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alixinne","download_url":"https://codeload.github.com/alixinne/ghsec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230562026,"owners_count":18245501,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","github","rust","security"],"created_at":"2024-10-21T00:24:28.792Z","updated_at":"2026-01-05T04:55:05.439Z","avatar_url":"https://github.com/alixinne.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# [ghsec](https://github.com/alixinne/ghsec)\n\n[![main](https://github.com/alixinne/ghsec/actions/workflows/main.yml/badge.svg?event=push)](https://github.com/alixinne/ghsec/actions/workflows/main.yml)\n\nghsec is an opinionated linter (with fixes) for public GitHub repository security. It helps\ndiagnose and fix potential security issues caused by GitHub repository settings that are\nusually too open by default.\n\n### Installation\n\n#### From source\n\n```bash\ncargo install --force --locked ghsec\n```\n\n#### With [cargo-binstall](https://github.com/cargo-bins/cargo-binstall)\n\n```bash\ncargo binstall ghsec\n```\n\n### Usage\n\nYou will need a personal access token with admin access level to your repositories. Currently,\nthis tool has only been tested with classic tokens with the repo scope.\n\n```bash\n# Provide a GitHub personal access token with admin access to your repositories\nexport GITHUB_TOKEN=ghp_.....\n\n# Run the checks\nghsec\n\n# Run the checks and fix the issues, if possible\nghsec --fix\n\n# You can also specify repositories to check using a unix-style glob\nghsec 'workflows-*'\n```\n\n### Supported checks\n\n- [`branch_protections`](https://alixinne.github.io/ghsec/ghsec/checks/branch_protections/index.html):\ncheck branch protection settings\n- [`code_review_limits`](https://alixinne.github.io/ghsec/ghsec/checks/code_review_limits/index.html):\ncheck account settings for code review limits\n- [`default_workflow_permissions`](https://alixinne.github.io/ghsec/ghsec/checks/default_worfklow_permissions/index.html):\nuse secure defaults for \"Default Workflow Permissions\"\n- [`fork_pull_request_workflows`](https://alixinne.github.io/ghsec/ghsec/checks/fork_pull_request_workflows/index.html):\ncheck repository settings for public fork pull request workflow runs\n- [`repository_secrets`](https://alixinne.github.io/ghsec/ghsec/checks/repository_secrets/index.html):\nlist repositories containing GitHub Actions secrets\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falixinne%2Fghsec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falixinne%2Fghsec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falixinne%2Fghsec/lists"}