{"id":17993612,"url":"https://github.com/cosad3s/sonarleaks","last_synced_at":"2025-10-10T19:09:59.100Z","repository":{"id":256202175,"uuid":"854541093","full_name":"cosad3s/sonarleaks","owner":"cosad3s","description":"Digging into private data through Sonarcloud public projects","archived":false,"fork":false,"pushed_at":"2024-09-13T16:36:22.000Z","size":253,"stargazers_count":9,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T17:52:37.470Z","etag":null,"topics":["bugbounty","hacking","osint","sonarqube"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cosad3s.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-09T11:09:40.000Z","updated_at":"2025-03-03T07:11:06.000Z","dependencies_parsed_at":"2024-09-09T15:31:13.702Z","dependency_job_id":"8c39e84c-309c-4b12-ae3c-588cc7f80576","html_url":"https://github.com/cosad3s/sonarleaks","commit_stats":null,"previous_names":["cosad3s/sonarleaks"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cosad3s/sonarleaks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosad3s%2Fsonarleaks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosad3s%2Fsonarleaks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosad3s%2Fsonarleaks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosad3s%2Fsonarleaks/manifests","owner_url":"https:
//repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cosad3s","download_url":"https://codeload.github.com/cosad3s/sonarleaks/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cosad3s%2Fsonarleaks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279005042,"owners_count":26083827,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","hacking","osint","sonarqube"],"created_at":"2024-10-29T20:12:16.282Z","updated_at":"2025-10-10T19:09:59.068Z","avatar_url":"https://github.com/cosad3s.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sonarleaks\n\n\u003cimg src=\"assets/logo.jpg\" alt=\"drawing\" width=\"100\"/\u003e\n\n## Summary\n\nSonarCloud is a SAST SaaS platform built on SonarQube.\n\nDuring my DevSecOps journey, I recently discovered that [Sonarcloud](https://sonarcloud.io/) (from SonarSource) offers the possibility to explore public projects.\nAfter working on [Postleaks](https://github.com/cosad3s/postleaks) and the popularity of some other similar projects (like [swaggerHole](https://github.com/Liodeus/swaggerHole)) related to public data on SaaS, the `Explore` button triggered my curiosity.\n\nI created this small tool to get basic information about Sonarcloud 
projects from the Explore tab.   \n\n**The results from SonarCloud are all marked as public projects, but appear to be related to private source repositories unrelated to SonarCloud. This could be the result of a misconfiguration on the customer side or something intentionally left public.**  \n*Reminder: paying SonarCloud customers can [change the visibility](https://docs.sonarsource.com/sonarcloud/administering-sonarcloud/managing-organizations/#allow-only-private-projects) of their projects at any time.*\n\n![alt text](assets/meme.jpg)\n\n## Usage\n\n```bash\n❯ sonarleaks -h\nusage: sonarleaks [-h] [--top] [--loc LOC] [-k KEYWORD] [-kf KEYWORD_FILE] [--private] [--source]\n\nSonarleaks 🛰️💧 Search for private code published to Sonarcloud.\n\noptions:\n  -h, --help        show this help message and exit\n  --top             Filter on top public projects\n  --loc LOC         Filter on minimum of lines of code\n  -k KEYWORD        Keyword (company, project, etc.)\n  -kf KEYWORD_FILE  Keywords file\n  --private         Only display components linked to potential private repository.\n  --source          Only display components with available source code.\n```\n\n### Examples\n\n***Top public projects, with minimum 500000 lines of code, with private repository and source code available***\n\n`❯ sonarleaks --top --loc 500000 --source --private`\n\n![alt text](assets/image.png)\n\n***Projects related to keyword `Salesforce`***\n\n`❯ sonarleaks -k salesforce`\n\n![alt text](assets/image2.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcosad3s%2Fsonarleaks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcosad3s%2Fsonarleaks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcosad3s%2Fsonarleaks/lists"}