{"id":29201844,"url":"https://github.com/omercnet/gitguard","last_synced_at":"2026-02-04T16:03:58.176Z","repository":{"id":300819427,"uuid":"1006488183","full_name":"omercnet/gitguard","owner":"omercnet","description":null,"archived":false,"fork":false,"pushed_at":"2026-01-28T00:27:05.000Z","size":114,"stargazers_count":0,"open_issues_count":10,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-28T15:40:37.092Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/omercnet.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-22T11:41:35.000Z","updated_at":"2025-07-06T10:15:37.000Z","dependencies_parsed_at":"2025-06-23T19:40:46.063Z","dependency_job_id":"5b2f844f-10de-48da-b259-1f52ffce191c","html_url":"https://github.com/omercnet/gitguard","commit_stats":null,"previous_names":["omercnet/gitguard"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/omercnet/gitguard","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fgitguard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fgitguard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fgitguard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fgitguard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/omercnet","download_url":"https://codeload.github.com/omercnet/gitguard/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omercnet%2Fgitguard/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29089915,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-04T03:31:03.593Z","status":"ssl_error","status_checked_at":"2026-02-04T03:29:50.742Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-02T12:07:35.741Z","updated_at":"2026-02-04T16:03:58.170Z","avatar_url":"https://github.com/omercnet.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitGuard 🛡️\n\nA GitHub App that scans commits for secrets using [Gitleaks](https://github.com/gitleaks/gitleaks).\n\n## Features\n\n- **Secret Detection**: 100+ built-in rules for API keys, tokens, passwords, and credentials\n- **GitHub Integration**: Creates check runs on commits with pass/fail status\n- **Privacy First**: Never logs or stores actual secrets, stateless operation\n- **Zero Dependencies**: Single binary with environment variable configuration\n- **Production Ready**: Structured logging, pre-commit hooks, security scanning\n\n## Quick Start\n\n1. **Environment Variables**:\n\n   ```bash\n   export GITHUB_WEBHOOK_SECRET=\"your-webhook-secret\"\n   export GITHUB_APP_ID=\"123456\"\n   export GITHUB_PRIVATE_KEY=\"-----BEGIN PRIVATE KEY-----\n   ...your private key...\n   -----END PRIVATE KEY-----\"\n   ```\n\n2. **Run**:\n\n   ```bash\n   make all    # Build and test\n   ./gitguard  # Start server on port 8080\n   ```\n\n## GitHub App Setup\n\nCreate a GitHub App with minimal permissions:\n\n- **Repository contents**: Read\n- **Checks**: Write  \n- **Metadata**: Read\n\nSubscribe to **Push** events and set webhook URL to your deployment.\n\n## Security \u0026 Privacy\n\n- **No Secret Storage**: Secrets are never logged, stored, or transmitted\n- **Minimal Permissions**: Only requires read access to changed files\n- **Stateless Design**: No database or persistent storage required\n- **In-Memory Processing**: Files scanned in memory, never written to disk\n- **Standard Compliance**: Uses official Gitleaks detection rules\n\n## Development\n\n```bash\nmake all                    # Run all checks and build\nmake test                   # Run tests\nmake security              # Security scanning\nmake lefthook-install      # Install pre-commit hooks\n\n# Development mode with debug logging\nLOG_LEVEL=debug LOG_PRETTY=1 go run main.go\n```\n\n## Deployment\n\n**Container**:\n\n```bash\ndocker run -p 8080:8080 \\\n  -e GITHUB_WEBHOOK_SECRET=... \\\n  -e GITHUB_APP_ID=... \\\n  -e GITHUB_PRIVATE_KEY=... \\\n  ghcr.io/omercnet/gitguard:latest\n```\n\n**Environment Variables**:\n\n- `GITHUB_WEBHOOK_SECRET` - GitHub webhook secret (required)\n- `GITHUB_APP_ID` - GitHub App ID (required)  \n- `GITHUB_PRIVATE_KEY` - GitHub App private key (required)\n- `PORT` - Server port (default: 8080)\n- `LOG_LEVEL` - Log level: trace, debug, info, warn, error (default: info)\n- `LOG_PRETTY` - Pretty console output for development (optional)\n\n## How It Works\n\n1. Receives GitHub push webhook\n2. Creates \"in progress\" check run\n3. Fetches only changed files from the commit\n4. Scans file contents with Gitleaks engine\n5. Updates check run with results (pass/fail + summary)\n\n## License\n\nMIT License - see [LICENSE](LICENSE)\n\n---\n**GitGuard** - Simple secret scanning for GitHub! 🛡️\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomercnet%2Fgitguard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fomercnet%2Fgitguard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomercnet%2Fgitguard/lists"}