{"id":21074584,"url":"https://github.com/osirislab/fork-sentry","last_synced_at":"2025-07-18T00:09:00.426Z","repository":{"id":43214841,"uuid":"415691530","full_name":"osirislab/fork-sentry","owner":"osirislab","description":"GitHub Action for detecting and alerting on suspicious forks of your repository","archived":false,"fork":false,"pushed_at":"2022-08-24T05:42:07.000Z","size":134,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-03T21:35:53.035Z","etag":null,"topics":["github-actions","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/osirislab.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-10-10T20:20:11.000Z","updated_at":"2025-02-01T16:07:05.000Z","dependencies_parsed_at":"2022-09-11T22:23:21.098Z","dependency_job_id":null,"html_url":"https://github.com/osirislab/fork-sentry","commit_stats":null,"previous_names":["ex0dus-0x/fork-sentry","malice-labs/fork-sentry"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/osirislab/fork-sentry","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osirislab%2Ffork-sentry","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osirislab%2Ffork-sentry/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osirislab%2Ffork-sentry/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osirislab%2Ffork-sentry/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/osirislab","download_url":"https://codeload.github.com/osirislab/fork-sentry/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/osirislab%2Ffork-sentry/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265683489,"owners_count":23810854,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","security"],"created_at":"2024-11-19T19:16:51.102Z","updated_at":"2025-07-18T00:09:00.375Z","avatar_url":"https://github.com/osirislab.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fork Sentry\n\nDetect and alert on suspicious forks of your repository\n\n## Introduction\n\n__Fork Sentry__ is a [GitHub Action](https://github.com/features/actions) that reports on\nsuspicious forks of your repository that may be serving malicious artifacts.\n\nIn the past, __Fork Sentry__ has already found and taken down instances of:\n\n* Typosquatted accounts serving modified releases\n* Malicious cryptominers part of C2 infrastructures\n\n(TODO: include writeups, and links to paper releases)\n\n## Usage\n\n__Fork Sentry__ operates out of a seperate cloud infrastructure, which you can self-host with our open-sourced code, or reach out for an API token (WIP) to the existing one. This way we're able to scale analysis to large volumes of forks, while outsourcing scheduling to Action's CI/CD runner.\n\n```yml\nname: Check for suspicious forks\non:\n  schedule:\n    - cron: '0 10 * * 1' # Checks for updates every Monday at 10:00 AM\n\njobs:\n  fork-sentry:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: ex0dus-0x/fork-sentry@v1.0\n        with:\n\n          # required for authentication and recovering forks\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n          fork_sentry_token: ${{ secrets.FORK_SENTRY_API }}\n\n          # if self-hosting, replace with dispatcher endpoint\n          #infra_endpoint: https://fork-sentry-instance.example.com\n\n          # optional: integrate for VirusTotal Enterprise support\n          vt_token: ${{ secrets.VT_API_TOKEN }}\n```\n\n### Restrictions\n\n* Users must have a valid API token to trigger dispatch an analysis\n* Analysis jobs can only be run at a minimum of every 6 hours\n* Rate limiting against the dispatching endpoint will still be imposed to block large volumes of requests\n\n## Architecture\n\n![infrastructure](infrastructure.png)\n\nFor more information about self-hosting, check out the spec here.\n\n### Dispatcher\n\nThe Golang dispatcher ingests authenticated requests for analysis of a target parent repository. The request can\nbe invoked adhoc similarly like so:\n\n```\n$ curl -X POST -d '{\"owner\":\"OWNER\", \"name\": \"NAME\", \"github_token\": \"ghp_TOKEN\", \"api_token\": \"API_TOKEN\"}' -H 'Content-Type: application/json' https://endpoint.example/dispatch\n```\n\nor preferably through the Actions runner itself, which can be put on a schedule. The __dispatcher__ extracts all forks and publishes each for analyzers to subscribe and\nconsume.\n\n### Analyzer\n\nFor an individual fork, we check the following:\n\n* Name typosquatting\n* Known malware signatures\n* Suspicious capabilities\n\nPreviously detected samples are also checked using their _locality-sensitive hashes_ against a database with [this technique](https://www.virusbulletin.com/virusbulletin/2015/11/optimizing-ssdeep-use-scale).\n\n### Alert Function\n\nPotentially malicious forks are written back to the issue tracker in this step.\n\n## License\n\nFork Sentry is release under a Apache License 2.0 License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fosirislab%2Ffork-sentry","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fosirislab%2Ffork-sentry","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fosirislab%2Ffork-sentry/lists"}