{"id":13581772,"url":"https://github.com/nstapelbroek/gatekeeper","last_synced_at":"2026-01-17T00:39:51.280Z","repository":{"id":28483061,"uuid":"116600224","full_name":"nstapelbroek/gatekeeper","owner":"nstapelbroek","description":"A poor man's access control for cloud- security groups and firewalls. Enable deployments by temporary allowing addresses!","archived":false,"fork":false,"pushed_at":"2025-12-02T14:28:56.000Z","size":715,"stargazers_count":12,"open_issues_count":6,"forks_count":1,"subscribers_count":2,"default_branch":"latest","last_synced_at":"2025-12-05T12:21:23.139Z","etag":null,"topics":["acl","aws","cloud-firewall","deployment-tools","digitalocean","firewall","gatekeeper","golang","security-groups","vpc","vultr"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nstapelbroek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-01-07T21:23:21.000Z","updated_at":"2025-12-02T14:28:48.000Z","dependencies_parsed_at":"2024-03-19T09:26:23.267Z","dependency_job_id":"15224661-0eaf-4695-a0c7-9412edc908bf","html_url":"https://github.com/nstapelbroek/gatekeeper","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nstapelbroek/gatekeeper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nstapelbroek%2Fgatekeeper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nsta
pelbroek%2Fgatekeeper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nstapelbroek%2Fgatekeeper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nstapelbroek%2Fgatekeeper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nstapelbroek","download_url":"https://codeload.github.com/nstapelbroek/gatekeeper/tar.gz/refs/heads/latest","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nstapelbroek%2Fgatekeeper/sbom","scorecard":{"id":697390,"data":{"date":"2025-08-11","repo":{"name":"github.com/nstapelbroek/gatekeeper","commit":"bc00ff626e0b42536f2522e4857c2066e869cf43"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.9,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/17 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source 
repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security 
policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'latest'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is 
vulnerable to: GO-2025-3787 / GHSA-fv92-fjc5-jj9h"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T04:08:19.034Z","repository_id":28483061,"created_at":"2025-08-22T04:08:19.034Z","updated_at":"2025-08-22T04:08:19.034Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28490383,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T23:55:29.509Z","status":"ssl_error","status_checked_at":"2026-01-16T23:55:29.108Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["acl","aws","cloud-firewall","deployment-tools","digitalocean","firewall","gatekeeper","golang","security-groups","vpc","vultr"],"created_at":"2024-08-01T15:02:14.170Z","updated_at":"2026-01-17T00:39:51.260Z","avatar_url":"https://github.com/nstapelbroek.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Gatekeeper\n\n[![Build Status](https://api.cirrus-ci.com/github/nstapelbroek/gatekeeper.svg)](https://cirrus-ci.com/github/nstapelbroek/gatekeeper)\n[![Go Report 
Card](https://goreportcard.com/badge/github.com/nstapelbroek/gatekeeper)](https://goreportcard.com/report/github.com/nstapelbroek/gatekeeper)\n[![GitHub license](https://img.shields.io/github/license/nstapelbroek/gatekeeper.svg)](https://github.com/nstapelbroek/gatekeeper/blob/master/LICENSE)\n\nTemporarily allow access to your cloud infrastructure by signaling the gatekeeper, allowing your build pipeline to deploy behind a firewall.\n\n## Supported environments\n\n| Provider | Product Name | Required Environment Variables |\n|---    |---    |---    |\n| Vultr | Firewall | `VULTR_PERSONAL_ACCESS_TOKEN`, `VULTR_FIREWALL_ID`|\n| DigitalOcean | Cloud Firewalls | `DIGITALOCEAN_PERSONAL_ACCESS_TOKEN`, `DIGITALOCEAN_FIREWALL_ID` |\n| AWS | EC2 Security Groups | `AWS_ACCESS_KEY`, `AWS_SECRET_KEY`, `AWS_REGION`, `AWS_SECURITY_GROUP_ID` |\n| AWS | VPC Network ACLs | `AWS_ACCESS_KEY`, `AWS_SECRET_KEY`, `AWS_REGION`, `AWS_NETWORK_ACL_ID` |\n\n## Getting Started\n\n### Installation\n1. Download a release binary or use a Docker image.\n1. Retrieve your cloud provider API keys. [DigitalOcean](https://www.digitalocean.com/docs/api/create-personal-access-token/) even has docs for this.\n1. Configure your application by passing environment variables. See the examples below:\n\nDocker:\n```\ndocker run -p 8080:8080 -e DIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME -e DIGITALOCEAN_FIREWALL_ID=REPLACE_ME nstapelbroek/gatekeeper:latest\n```\n\nStandalone binary:\n```\nDIGITALOCEAN_PERSONAL_ACCESS_TOKEN=REPLACE_ME DIGITALOCEAN_FIREWALL_ID=REPLACE_ME ./gatekeeper\n```\n\n### Usage\nAfter installing and running the application you can fire an HTTP POST towards it to temporarily whitelist your given IP at the cloud provider.\nBy default the gatekeeper will open TCP port 22 (for SSH). 
You can change the port or protocol in the [configuration](#configuration).\n\nA simple example:\n```bash\ncurl -X POST http://localhost:8080\n```\n\nYou can configure the timeout or IP address on a per-request basis by sending it as a form-encoded or JSON payload. The example below will use your public IP:\n```bash\ncurl -X POST -s -d 'ip='$(curl -s https://ifconfig.co/ip)'\u0026timeout=60' http://localhost:8080\n```\n\n### Configuration\n\nAlthough this tool is meant to be very simple, you can configure it to your needs by changing some variables.\n\n| Variable Name      | Default value | Notes |\n|---\t             |---\t        |---    |\n| APP_ENV            | release      | Used to control the verbosity of log lines. Only `release` and `debug` are used. |\n| HTTP_AUTH_USERNAME |              | Used with `HTTP_AUTH_PASSWORD` to shield the application with HTTP basic auth.    |\n| HTTP_AUTH_PASSWORD |              | See `HTTP_AUTH_USERNAME`. Both values have to be provided.                        |\n| HTTP_PORT          | 8080         | Controls on which port the HTTP server will start.                                |\n| RULE_CLOSE_TIMEOUT | 120          | When no timeout value is given on a request, this value in seconds will be used. Use 0 to permanently allow the IP address. |\n| RULE_PORTS         | TCP:22       | A comma-separated list of ports to unblock on a request. Use a `-` to indicate a range. For example: `TCP:20-22,UDP:20-22`. |\n\n\n### Development\nIf you wish to help build gatekeeper you can start with:\n\n1. [Fork and clone the repository](https://github.com/nstapelbroek/gatekeeper/fork)\n1. Install dependencies with `go mod tidy`\n1. Optionally you can install additional tooling like [golangci-lint](https://github.com/golangci/golangci-lint)\n1. Start building! 
You can find some inspiration for changes in the [issues](https://github.com/nstapelbroek/gatekeeper/issue) or [project board](https://github.com/nstapelbroek/gatekeeper/projects)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnstapelbroek%2Fgatekeeper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnstapelbroek%2Fgatekeeper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnstapelbroek%2Fgatekeeper/lists"}