{"id":18773025,"url":"https://github.com/pmzi/gomrok","last_synced_at":"2025-08-10T20:10:18.242Z","repository":{"id":57279921,"uuid":"369994575","full_name":"pmzi/gomrok","owner":"pmzi","description":"Security advisor for ready to serve files","archived":false,"fork":false,"pushed_at":"2023-07-01T13:40:08.000Z","size":108,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-09T12:26:47.305Z","etag":null,"topics":["security","security-automation","security-scanner","security-scanners","security-testing","security-tools"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pmzi.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-23T08:02:51.000Z","updated_at":"2023-07-01T10:44:47.000Z","dependencies_parsed_at":"2024-10-23T05:11:01.638Z","dependency_job_id":"ba87f08d-5a0f-4948-a29e-29f4a296aa96","html_url":"https://github.com/pmzi/gomrok","commit_stats":{"total_commits":20,"total_committers":1,"mean_commits":20.0,"dds":0.0,"last_synced_commit":"044fa61adcfee2fb6b4cf9d80e1c1e5f821d9508"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/pmzi/gomrok","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pmzi%2Fgomrok","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pmzi%2Fgomrok/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pmzi%2Fgomrok/releases","manifests_url":"https://
repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pmzi%2Fgomrok/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pmzi","download_url":"https://codeload.github.com/pmzi/gomrok/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pmzi%2Fgomrok/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269780617,"owners_count":24474686,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","security-automation","security-scanner","security-scanners","security-testing","security-tools"],"created_at":"2024-11-07T19:32:23.427Z","updated_at":"2025-08-10T20:10:18.189Z","avatar_url":"https://github.com/pmzi.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gomrok\n\n`gomrok` is a security advisor for files and folders that are served! `gomrok` analyzes your files and folders and gives you security advice.\n\n## Introduction\n\nGenerally, any content which is going to be served must be checked for security vulnerabilities. For example, any files starting with `.` (e.g. the `.git` folder) should be removed in production and **should not be served**. 
This is basically what `gomrok` checks behind the scenes and reports back to you!\n\nThe best practice is to run it in your CI and use it to scan the folder which is going to be served. If any vulnerabilities are found in your content, `gomrok` will report them to you and the job will fail.\n\n## Security Checks\n\nFor now, `gomrok` does three security checks:\n\n1. Checks for **SensitiveFileExposure**; e.g. `.env`\n2. Checks for **SensitiveDataExposure**; e.g. JWT tokens in the files\n3. Checks for **SourceMapLeaks** for front-end apps\n\n## Installation\n\n```\n$ npm i -g gomrok\n```\n\n## Usage\n\n```\n$ gomrok -p ./path/to/be/served\n```\n\nExample output:\n\n![Output example](https://user-images.githubusercontent.com/11475858/119897526-c600d200-bf55-11eb-9b9a-6acb6ecb5c79.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpmzi%2Fgomrok","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpmzi%2Fgomrok","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpmzi%2Fgomrok/lists"}