{"id":13618992,"url":"https://github.com/boringtools/git-alerts","last_synced_at":"2025-12-16T02:03:26.872Z","repository":{"id":144679981,"uuid":"587413273","full_name":"boringtools/git-alerts","owner":"boringtools","description":"Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files","archived":false,"fork":false,"pushed_at":"2025-02-22T16:52:00.000Z","size":110,"stargazers_count":216,"open_issues_count":0,"forks_count":7,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-02-22T17:32:04.665Z","etag":null,"topics":["devsecops","github-secrets","github-security","security","security-tools","threat-hunting"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/boringtools.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-10T17:38:17.000Z","updated_at":"2025-02-22T16:46:27.000Z","dependencies_parsed_at":"2024-04-26T14:28:16.464Z","dependency_job_id":"e9c1b04a-b8f2-4cf5-a68d-944efd3526a6","html_url":"https://github.com/boringtools/git-alerts","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boringtools%2Fgit-alerts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boringtools%2Fgit-alerts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boringtools%2Fgit-alerts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/boringtools%2Fgit-alerts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/boringtools","download_url":"https://codeload.github.com/boringtools/git-alerts/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248906854,"owners_count":21181228,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","github-secrets","github-security","security","security-tools","threat-hunting"],"created_at":"2024-08-01T21:00:33.434Z","updated_at":"2025-12-16T02:03:26.788Z","avatar_url":"https://github.com/boringtools.png","language":"Go","readme":"# GitAlerts\n\n[![Go Report Card](https://goreportcard.com/badge/github.com/boringtools/git-alerts)](https://goreportcard.com/report/github.com/boringtools/git-alerts)\n![License](https://img.shields.io/github/license/boringtools/git-alerts)\n![Release](https://img.shields.io/github/v/release/boringtools/git-alerts)\n\n## What problem does it solve?\n\nGitHub repositories created under any organization can be controlled by the GitHub administrators. However any repository created under an organization's user account is not controllable unless the organisation has adopted the GitHub enterprise-managed user (EMU) model.\n\nAny public repository under the organization's user account that was created accidentally or for testing purposes could leak secrets, internal information, code etc. GitAlerts helps you detect and monitor such cases\n\n### Example\n\n\u003e Can be controlled by the administrator `https://github.com/\u003corg\u003e/\u003corg-repo-name\u003e`\n\n\u003e Can't be controlled by the administrator `https://github.com/\u003corg-user\u003e/\u003corg-user-repo-name\u003e`\n\n## Getting Started\n\n- Download the binary file for your operating system / architecture from the [Official GitHub Releases](https://github.com/boringtools/git-alerts/releases)\n\n- You can also install `git-alerts` using homebrew in MacOS and Linux\n\n```bash\nbrew tap boringtools/tap\nbrew install boringtools/tap/git-alerts\n```\n\n- Alternatively, build from source\n\n\u003e Ensure $(go env GOPATH)/bin is in your $PATH\n\n```bash\ngo install github.com/boringtools/git-alerts@main\n```\n\nSetup GitHub personal access token [(PAT)](https://github.com/boringtools/git-alerts/blob/main/docs/github.md) as the environment variable, without PAT GitHub will only allow `60` request per hour.\n\n```bash\nexport GITHUB_PAT=YOUR_GITHUB_PAT\n```\n\n## Usage\n\n### Scan\n\nScan GitHub repositories belonging to your organization users\n\n```bash\ngit-alerts scan --org your-org-name\n```\n\nScan and generate report with custom path\n\n```bash\ngit-alerts scan --org your-org-name --report-path /your/file/path/\n```\n\nScan custom list of GitHub users\n\n```bash\ngit-alerts scan --org your-org-name --users-file-path /path/to/csv/file\n```\n\u003e Ensure to pass CSV file with the list of GitHub usernames\n\n```csv\nusername01\nusername02\nusername03\n```\n\n### Monitor\n\nMonitor new public repositories being created by your organization users\n\n```bash\ngit-alerts monitor --org your-org-name\n```\n\nMonitor new public repositories being created by your organization users with slack notification\n\n```bash\ngit-alerts monitor --org your-org-name --slack-alert\n```\n\nSetup slack webhook token as the environment variable\n\n```bash\nexport SLACK_HOOK=SLACK_WEBHOOK_URL\n```\n\nMonitor new public repositories being created by your organization users along with secrets detection\n\n```bash\ngit-alerts monitor --org your-org-name --gitleaks\n```\n\nMonitor new public repositories being created by your organization users along with secrets detection and slack notification\n\n```bash\ngit-alerts monitor --org your-org-name --gitleaks --slack-alert\n```\n\nMonitor custom list of GitHub users\n\n```bash\ngit-alerts monitor --org your-org-name --users-file-path /path/to/csv/file\n```\n\u003e Ensure to pass CSV file with the list of GitHub usernames\n\n```csv\nusername01\nusername02\nusername03\n```\n\n### Secrets\n\nScan with secrets detection using Trufflehog\n\u003e Ensure trufflehog is installed in your machine\n\n```bash\ngit-alerts detect --org your-org-name --trufflehog\ngit-alerts detect --org your-org-name --trufflehog-verified\n```\nScan with secrets detection using Gitleaks\n\u003e Ensure Gitleaks is installed in your machine\n\n```bash\ngit-alerts detect --org your-org-name --gitleaks\n```\n\nScan with secrets detection using custom list of GitHub users\n\n```bash\ngit-alerts detect --org your-org-name --users-file-path /path/to/csv/file --gitleaks\n```\n\u003e Ensure to pass CSV file with the list of GitHub usernames\n\n```csv\nusername01\nusername02\nusername03\n```\n\n## Documentation\n\n[docs](https://github.com/boringtools/git-alerts/tree/main/docs)\n\u003e Please feel to reach out for any feedback and suggestions\n\n## Star History\n\n[![Star History Chart](https://api.star-history.com/svg?repos=boringtools/git-alerts\u0026type=Date)](https://star-history.com/#boringtools/git-alerts\u0026Date)\n","funding_links":[],"categories":["Communication and Collaboration Tools","Go"],"sub_categories":["Version Control, Wiki, Knowledge base"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboringtools%2Fgit-alerts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fboringtools%2Fgit-alerts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fboringtools%2Fgit-alerts/lists"}