{"id":20148189,"url":"https://github.com/chainguard-dev/github-audit-alerter","last_synced_at":"2025-05-06T21:34:26.757Z","repository":{"id":160615396,"uuid":"600243896","full_name":"chainguard-dev/github-audit-alerter","owner":"chainguard-dev","description":"Slack alert bot for matching Github Audit Events","archived":true,"fork":false,"pushed_at":"2024-11-12T23:27:20.000Z","size":70,"stargazers_count":10,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-07T12:48:35.359Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chainguard-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-10T23:00:05.000Z","updated_at":"2024-12-03T16:12:24.000Z","dependencies_parsed_at":"2024-01-26T16:25:56.715Z","dependency_job_id":"6671cbfa-5d9b-4e37-91da-48194051de2a","html_url":"https://github.com/chainguard-dev/github-audit-alerter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fgithub-audit-alerter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fgithub-audit-alerter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fgithub-audit-alerter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chainguard-dev%2Fgithub-audit-alerter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chainguard-dev","download_url":"https://codeload.github.com/chainguard-dev/github-audit-alerter/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252772850,"owners_count":21802001,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T22:35:06.488Z","updated_at":"2025-05-06T21:34:26.493Z","avatar_url":"https://github.com/chainguard-dev.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# github-audit-alerter\n\nSend Slack alerts based on GitHub Audit Events, including two major categories of events:\n\n* Excessive repository clones by a single user\n* Unexpected events, such as a private repository being made public\n\nThis is chiefly to detect whether or not someone's Github credentials have been abused for nefarious purposes, but can be used to notify on secrets shared on repos unintentionally made public.\n\n## Requirements\n\n- go v1.20.0 or newer\n- Slack webhook token\n- Github auth token\n\n## Usage\n\nYou will need a GITHUB_TOKEN with permissions where the `Resource owner` is the organization you are testing. \n\nFor this You can go and [create a new PAT](https://github.com/settings/personal-access-tokens/new) and select `Permissions / Organization Permission / Administration (Manage access to an organization.)` and set it to `Access: read-only`. That is the only permission you need.\n\nTesting:\n\n```\nexport GITHUB_TOKEN=$(cat \u003cyour-github-token-file\u003e)\ngithub-audit-alerter --org chainguard-dev --max-repos-cloned-per-user=3\n```\n\nTo send Slack events, set the GH_AUDIT_SLACK_WEBHOOK environment variable.\n\n## Creating a Slack webhook URL\n\n- https://\u003cyour instance name\u003e.slack.com/services/B0413S52DFB#message_attachments\n\n## Creating a GitHub auth token\n\n- Visit the [Fine-grained personal access tokens](https://github.com/settings/tokens?type=beta) page\n- Click `Generate new token`\n- Repository Access: `All repositories`\n- Repository permissions: `Administration: Read-only`\n- Organization permissions: `Administration: Read-only`, `Events: Read-only`","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fgithub-audit-alerter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchainguard-dev%2Fgithub-audit-alerter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchainguard-dev%2Fgithub-audit-alerter/lists"}