{"id":13542309,"url":"https://github.com/duo-labs/secret-bridge","last_synced_at":"2025-07-12T15:38:01.609Z","repository":{"id":35859127,"uuid":"201492192","full_name":"duo-labs/secret-bridge","owner":"duo-labs","description":"Monitors Github for leaked secrets","archived":false,"fork":false,"pushed_at":"2024-10-25T23:48:16.000Z","size":65,"stargazers_count":197,"open_issues_count":13,"forks_count":40,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-04-12T23:43:13.500Z","etag":null,"topics":["secrets","secrets-detection","security"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/duo-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-09T15:18:28.000Z","updated_at":"2025-03-23T22:38:59.000Z","dependencies_parsed_at":"2023-01-16T07:46:16.220Z","dependency_job_id":"5c4b1ba9-a1c9-4e09-a1e7-9d6a98b64af5","html_url":"https://github.com/duo-labs/secret-bridge","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fsecret-bridge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fsecret-bridge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fsecret-bridge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/duo-labs%2Fsecret-bridge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/duo-labs","download_url":"https://codeload.github.com/duo-labs/secret-bridge/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248647256,"owners_count":21139081,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["secrets","secrets-detection","security"],"created_at":"2024-08-01T10:01:04.633Z","updated_at":"2025-04-12T23:43:18.597Z","avatar_url":"https://github.com/duo-labs.png","language":"Python","funding_links":[],"categories":["Miscellaneous","Python"],"sub_categories":["Secrets"],"readme":"secret-bridge\n==============\n\nA bridge to help increase your ability to detect secrets shared on Github.\n\nMore details on the methodology can be found in our [blog post](https://duo.com/labs/research/how-to-monitor-github-for-secrets).\n\nHow It Works\n============\n\nThere are two ways this can operate:\n\n-\t**Event Polling** - In this mode, the script polls the [Github Events API](https://developer.github.com/v3/activity/events/) for an organization, developer, or set or repositories. This is useful when you may not have control over the thing you're watching.\n-\t**Webhook** - In this mode, the script sets up a server which can receive webhook events. This is useful when you have control over the thing you're watching, since it provides data in near real-time.\n\nOnce events are received indicating that new code has been pushed, this script executes configured *detectors* to detect secrets in the changes. At this time, the following detectors are supported:\n\n-\t[`detect-secrets`](https://github.com/Yelp/detect-secrets)\n-\t[`git-secrets`](https://github.com/awslabs/git-secrets)\n-\t[`trufflehog`](https://github.com/dxa4481/truffleHog)\n\nA more general listing of tools which can be used to detect secrets in Git repositories can be found in [TOOLS.md](TOOLS.md)\n\nIf a secret is found, it is sent upstream to a *notifier*. At this time, we support notifying both via stdout as well as Slack and Microsoft Teams.\n\nInstallation\n============\n\nVia Docker\n----------\n\nThe easiest way to get started is by using our Docker image. You can see how to run the Docker image in the [Usage section](#running-via-docker).\n\n\nInstallation from Source\n------------------------\n\nFirst, you need to clone the repository:\n\n```\ngit clone https://github.com/duo-labs/secret-bridge.git\n```\n\nThen, install the required dependencies:\n\n```\npip install -r requirements.txt\n```\n\nConfiguration\n=============\n\nConfiguration is done through `config.toml`. In this file, you set your `access_token`, the organizations, developers, and repositories you want to monitor for secrets, and more.\n\nSetting Up the Access Token\n---------------------------\n\nYou may wish to avoid having the access token in a file. Instead, you can set this value to `env`, and put the access token in the `GITHUB_WATCHER_TOKEN` environment variable.\n\nSetting Up the Monitors\n-----------------------\n\nIf you're monitoring via event polling (as opposed to using the webhook server), then you can configure what to monitor via the `monitors` configuration value.\n\nYou have the option of configuring one or more Github organization, user, or repository.\n\nSetting Up the Detectors\n------------------------\n\nThis tool doesn't actually implement secret detection for Git repositories, since we consider that largely a solved problem. Instead, we handle running various secret detection tools for you in near real-time.\n\nDetectors are configured via the `detectors` configuration value. Right now, the following values are accepted:\n\n-\t`detect-secrets`\n-\t`git-secrets`\n-\t`trufflehog`\n\n\u003e Note: It's expected that the detector you use is installed and available on your `$PATH`. If you are running this via the Docker image, all the required tools are pre-installed.\n\nSetting Up the Notifiers\n------------------------\n\nIf a secret is detected, we will notify you using your configured `notifiers`. Currently, the two notification methods are printing to the console, and notifying via a Slack/Teams webhook. \n\nFor webhook notifications, both Slack and Microsoft Teams implementations work identically: the JSON structure used to call the Slack webhook is the same as for Microsoft Teams, the implementation is just currently not updated to reflect this. To configure Teams notifications, follow these same steps but with a Teams Connector.\n\nTo configure Slack/Teams notifications, create the following configuration option with the `webhook_url` provided by Slack:\n\n```toml\n[notifiers.slack_webhook]\n    webhook_url='your_webhook_url'\n```\n\nUsage\n=====\n\n```\npython main.py --help\nUsage: main.py [OPTIONS] COMMAND [ARGS]...\n\nOptions:\n  -f, --config PATH  [default: config.toml]\n  -v, --verbose      Print verbose debug information\n  --help             Show this message and exit.\n\nCommands:\n  poll\n  webhook\n```\n\nRunning Via Docker\n------------------\n\n```\ndocker run -ti --rm -e GITHUB_WATCHER_TOKEN=your_access_token duolabs/secret-bridge poll\n```\n\n*Note that this is the only docker command needed to get the tool up and running. Relevant images will be automatically pulled if they are not found locally.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduo-labs%2Fsecret-bridge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fduo-labs%2Fsecret-bridge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fduo-labs%2Fsecret-bridge/lists"}