{"id":34609476,"url":"https://github.com/bthuilot/git-lost-and-found","last_synced_at":"2026-01-19T21:06:48.653Z","repository":{"id":252271135,"uuid":"838065264","full_name":"bthuilot/git-lost-and-found","owner":"bthuilot","description":"Find secrets in orphaned and dangling commits","archived":false,"fork":false,"pushed_at":"2025-09-27T23:15:01.000Z","size":6955,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-09-28T01:06:26.222Z","etag":null,"topics":["git","golang","secrets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bthuilot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-08-04T20:49:44.000Z","updated_at":"2025-09-27T23:13:46.000Z","dependencies_parsed_at":"2024-08-08T19:16:41.899Z","dependency_job_id":"3bcdb23f-62e4-46d2-83e6-707ee19fe3df","html_url":"https://github.com/bthuilot/git-lost-and-found","commit_stats":null,"previous_names":["bthuilot/git-scanner"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/bthuilot/git-lost-and-found","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bthuilot%2Fgit-lost-and-found","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bthuilot%2Fgit-lost-and-found/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bthuilot%2Fgit-lost-and-found/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bthuilot%2Fgit-lost-and-found/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bthuilot","download_url":"https://codeload.github.com/bthuilot/git-lost-and-found/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bthuilot%2Fgit-lost-and-found/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28003721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-12-24T02:00:07.193Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","golang","secrets"],"created_at":"2025-12-24T14:01:31.949Z","updated_at":"2026-01-19T21:06:48.647Z","avatar_url":"https://github.com/bthuilot.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# git-lost-and-found\n\n[![go report card](https://goreportcard.com/badge/github.com/bthuilot/git-lost-and-found/v2)](https://goreportcard.com/report/github.com/bthuilot/git-lost-and-found/v2)\n[![GitHub Release](https://img.shields.io/github/v/release/bthuilot/git-lost-and-found)](https://github.com/bthuilot/git-lost-and-found/releases)\n[![License: GPL v3](https://img.shields.io/badge/License-GPLv3-blue.svg)](https://www.gnu.org/licenses/gpl-3.0)\n\n\nGit scanning tool designed to find dangling commits.\n\nThis tool is designed to be used in conjunction with other git scanning tools that leverage `git log` to search diffs.\n`git-lost-and-found` is designed to find commits that are not reachable by any branch or tag in the repository, and add named references to them.\nThis allows other tools to find these commits and their changes, \nsince once they are reachable by a named reference they will be included in the output of `git log --all`.\nSome tools that can be used in conjunction with `git-lost-and-found` are:\n\n- [gitleaks](https://github.com/gitleaks/gitleaks)\n- [trufflehog](https://github.com/trufflesecurity/trufflehog)\n\n\n## Installing\n### Package manager\n\nInstall using homebrew\n```bash\nbrew tap bthuilot/tap\nbrew install bthuilot/tap/git-lost-and-found\n```\n\n## Building Locally\n\nThe repository can be built using the makefile provided.\nRequires Go to be installed on the system.\nOptionally a docker image can be built using the makefile.\n\n```bash\n# clone the repo\ngit clone github.com/bthuilot/git-lost-and-found \u0026\u0026 cd git-lost-and-found\n\n# To build the binary (output in bin/)\nmake build\n\n# Or to build a docker image (tagged as git-lost-and-found:dev)\nDOCKER_IMAGE=git-lost-and-found:dev make docker-build\n```\n\n## Running\n\n```bash\n# Find dangling commits and don't remove on cleanup\ngit-lost-and-found find --repo-path . --keep-refs\n\n# Find danling refs, then run gitleaks\n# once complete, remove created references\ngit-lost-and-found find --repo-path . -- gitleaks detect\n\n# clone the linux kernel, find dangling refs,\n# run trufflehog, then remove cloneded directory\ngit-lost-and-found find --repo-url \"https://github.com/torvalds/linux\" -- trufflehog git file://{} --json\n\n# Use the help menu to see what options are available\ngit-lost-and-found find --help\n```\n\n## CI Script \n\nA bash script is also provided to enable existing CI\ninfrastrucre to perform the lost and found lookup for references.\nTHe only requirements for the script are `sh`, `curl` and `git`.\n\n```bash\n# this assumes the cwd is inside a git directory\nsh -c \"$(curl -fsSL https://git-lf.thuilot.io/ci-scan)\"\n```\n\n## Example scans\n\n\n#### Scanning a local git repository with trufflehog (via Docker)\n\n```bash\n# git repository cloned to /my/repo/path\ndocker run -v /my/repo/path:/target \\\n  ghcr.io/bthuilot/git-lost-and-found:latest find \\\n  --repo-path /target \\\n  -- trufflehog git file://. --no-verification\n```\n\n### Scanning an existing repo using gitleaks (via CLI)\n\n```bash\n# git repository cloned to /my/repo/path\n# NOTE: gitleaks will have to be installed on the system\ngit-lost-and-found find --repo-path \"/my/repo/path\" \\\n\t-- gitleaks detect .\n```\n\n### Clone and scan a repository with Trufflehog (via Docker)\n```bash\n# NOTE: trufflehog will have to be installed on the system\ngit-lost-and-found find --repo-url \"https://github.com/torvalds/linux\" \\\n\t-- trufflehog git file://. --no-verification\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbthuilot%2Fgit-lost-and-found","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbthuilot%2Fgit-lost-and-found","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbthuilot%2Fgit-lost-and-found/lists"}