{"id":13602631,"url":"https://github.com/slauth-io/slauth-cli","last_synced_at":"2025-04-11T09:30:39.224Z","repository":{"id":207757295,"uuid":"718068648","full_name":"slauth-io/slauth-cli","owner":"slauth-io","description":"CLI that scans directories for Cloud Provider SDK usage generates the IAM Policies/Permissions needed","archived":false,"fork":false,"pushed_at":"2024-10-14T20:13:26.000Z","size":303,"stargazers_count":74,"open_issues_count":5,"forks_count":12,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-12T00:41:22.682Z","etag":null,"topics":["aws","cli","gcp","iam","llm","openai","permissions","policies"],"latest_commit_sha":null,"homepage":"https://www.slauth.io/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slauth-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-13T10:05:38.000Z","updated_at":"2024-11-15T05:18:32.000Z","dependencies_parsed_at":"2023-11-27T17:29:19.329Z","dependency_job_id":"d1685067-8e83-4b63-acda-76c0ad2f06ba","html_url":"https://github.com/slauth-io/slauth-cli","commit_stats":null,"previous_names":["slauth-io/slauth-cli"],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slauth-io%2Fslauth-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slauth-io%2Fslauth-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slauth-io%2Fslauth-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slauth-io%2Fslauth-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slauth-io","download_url":"https://codeload.github.com/slauth-io/slauth-cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248368165,"owners_count":21092312,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","cli","gcp","iam","llm","openai","permissions","policies"],"created_at":"2024-08-01T18:01:32.237Z","updated_at":"2025-04-11T09:30:38.939Z","avatar_url":"https://github.com/slauth-io.png","language":"TypeScript","readme":"\u003cp align=\"center\"\u003e\u003cimg src=\"./static/images/slauth-logo.png\" alt=\"slauth.io logo\"/\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n  CLI that scans repositories and generates the necessary IAM Permissions for the service to run.\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/slauth-io/slauth-cli/issues/new?assignees=\u0026labels=bug\u0026projects=\u0026template=bug_report.md\u0026title=\"\u003eReport bug\u003c/a\u003e\n  ·\n  \u003ca href=\"https://github.com/slauth-io/slauth-cli/issues/new?assignees=\u0026labels=enhancement\u0026projects=\u0026template=feature_request.md\u0026title=\"\u003eFeature request\u003c/a\u003e\n  ·\n  \u003ca href=\"https://blog.slauth.io/\"\u003eSlauth.io blog\u003c/a\u003e\n  \u003cbr\u003e\n  \u003cbr\u003e\n  🤩\n  \u003cbr\u003e\n  We're always open to feedback!\n  \u003cbr\u003e\n  If you have any or are in need of some help, please join our \u003ca href=\"https://join.slack.com/t/slauthiocommunity/shared_invite/zt-268nxuwyd-Vav8lYJdiP44Kt8lQSSybg\"\u003eSlack Community\u003c/a\u003e\n  \u003cbr\u003e\n  \u003cbr\u003e\n  \u003cimg alt=\"NPM Downloads\" src=\"https://img.shields.io/npm/dw/@slauth.io/slauth\" /\u003e\n  \u003cimg alt=\"GitHub issues\" src=\"https://img.shields.io/github/issues/slauth-io/slauth-cli\" /\u003e\n  \u003cimg alt=\"NPM License\" src=\"https://img.shields.io/npm/l/@slauth.io/slauth\" /\u003e\n\u003c/p\u003e\n\n## Installation\n\n```bash\nnpm install -g @slauth.io/slauth\n```\n\n## Usage\n\n1. Set the `OPENAI_API_KEY` environment variable: `export OPENAI_API_KEY=\u003ckey\u003e`\n2. Run `slauth --help` to see available commands\n\n### Commands\n\n#### Scan\n\nThe scan command will look for any calls of your Cloud Provider `sdk` in your git repository and generate the necessary permissions for it.\n\n```bash\nslauth scan -p aws ../path/to/my/repository\n```\n\n\u003e Note: By default the `scan` command will print the result to `stdout`. Use `-o,--output-file` option to specify a file to output to.\n\n**Result:**\n\nThe result of the scan command is an array of IAM Permissions.\n\n\u003e Note: For `aws` cloud provider, if the resource is not explicit in the code (e.g. comes from a variable), we use a placholder for it. Before deploying the policies, you will have to **manually** change these placeholders with the correct resources the service will try to interact with.\n\n```bash\nDetected Policies:\n\n[\n  {\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"S3Policy\",\n    \"Statement\": [\n      {\n        \"Sid\": \"S3Permissions\",\n        \"Effect\": \"Allow\",\n        \"Action\": [\n          \"s3:PutObject\",\n          \"s3:GetBucketAcl\"\n        ],\n        \"Resource\": [\n          \"\u003cS3_BUCKET_PLACEHOLDER\u003e\",\n          \"\u003cS3_BUCKET_1_PLACEHOLDER\u003e\",\n          \"arn:aws:s3:::my_bucket_2/*\"\n        ]\n      }\n    ]\n  },\n  {\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"DynamoDBPolicy\",\n    \"Statement\": [\n      {\n        \"Sid\": \"DynamoDBPermissions\",\n        \"Effect\": \"Allow\",\n        \"Action\": [\n          \"dynamodb:PutItem\"\n        ],\n        \"Resource\": [\n          \"\u003cDYNAMODB_TABLE_PLACEHOLDER\u003e\"\n        ]\n      }\n    ]\n  },\n  {\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"SQSPolicy\",\n    \"Statement\": [\n      {\n        \"Sid\": \"SQSPermissions\",\n        \"Effect\": \"Allow\",\n        \"Action\": [\n          \"sqs:SendMessage\"\n        ],\n        \"Resource\": [\n          \"\u003cSQS_QUEUE_URL_PLACEHOLDER\u003e\"\n        ]\n      }\n    ]\n  }\n]\n```\n\n##### Available options\n\n- `-p, --cloud-provider \u003ccloudProvider\u003e` select the cloud provider you would like to generate policies for (choices: \"aws\", \"gcp\")\n- `-m, --openai-model \u003copenaiModel\u003e` select the openai model to use (choices: \"gpt-3.5-turbo-16k\", \"gpt-4-32k\")\n- `-o, --output-file \u003coutputFile\u003e` write generated policies to a file instead of stdout\n\n#### Selecting which OpenAI Model to use\n\nBy default `slauth` will use `gpt-4-32k` as it provides the best results. You can still choose to use other models to scan you repo, specially if cost is a concern:\n\nTo choose a different model, use the `-m` option of the `scan` command\n\n```bash\nslauth scan -p aws -m gpt-3.5-turbo-16k ./path/to/my/repository\n```\n\nAvailable models:\n\n- `gpt-3.5-turbo-16k` (results with this model might be incomplete)\n- `gpt-4-32k` (default)\n\n#### Example repos to test with\n\nIn case you want to give the CLI a quick test you can fork the following repositories.\n\n- aws-sdk: \u003chttps://github.com/slauth-io/aws-sdk-tester\u003e\n- google-cloud sdk: \u003chttps://github.com/slauth-io/gcp-sdk-tester\u003e\n\n### Running in CI/CD\n\nSlauth being a CLI, it can be easily integrated in your CI/CD pipelines.\n\n#### Github Action Example\n\nIn this GitHub action workflow we install Slauth, run it and then output the result to an artifact which can then be downloaded so it can be used in your IaC.\n\n```yaml\nname: scan\non:\n  push:\n\npermissions:\n  contents: read\n\njobs:\n  release:\n    name: policy-scan\n    runs-on: ubuntu-latest\n    steps:\n      - name: Checkout\n        uses: actions/checkout@v3\n        with:\n          fetch-depth: 0\n      - name: Setup Node.js\n        uses: actions/setup-node@v3\n        with:\n          node-version: 'lts/*'\n      - name: Install Slauth\n        run: npm install -g @slauth.io/slauth\n      - name: Run Slauth\n        env:\n          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}\n        run: slauth scan -p aws -o ./policies.json .\n      - name: Upload Artifact\n        uses: actions/upload-artifact@v3\n        with:\n          name: policies\n          path: policies.json\n```\n\n## Development\n\n1. Set your `OPENAI_API_KEY` in the `.env` file at the root of the project\n2. Run `npm i`\n3. Install the `slauth` CLI globally: `npm install -g .`\n4. Compile tsc on file change: `npm run build-watch`\n5. Test it, `slauth -h` should work\n","funding_links":[],"categories":["cli","TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslauth-io%2Fslauth-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslauth-io%2Fslauth-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslauth-io%2Fslauth-cli/lists"}