{"id":13397541,"url":"https://github.com/techjacker/repo-security-scanner","last_synced_at":"2025-05-16T13:04:33.226Z","repository":{"id":39846457,"uuid":"78861078","full_name":"techjacker/repo-security-scanner","owner":"techjacker","description":"CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys","archived":false,"fork":false,"pushed_at":"2023-03-07T02:18:18.000Z","size":138,"stargazers_count":1150,"open_issues_count":4,"forks_count":91,"subscribers_count":30,"default_branch":"master","last_synced_at":"2024-10-29T18:08:27.135Z","etag":null,"topics":["golang","security","security-audit"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/techjacker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-01-13T15:26:02.000Z","updated_at":"2024-10-27T09:55:23.000Z","dependencies_parsed_at":"2023-01-24T01:01:12.523Z","dependency_job_id":"d2393c98-fe4c-4e71-a547-bc1b2794b3d9","html_url":"https://github.com/techjacker/repo-security-scanner","commit_stats":{"total_commits":49,"total_committers":5,"mean_commits":9.8,"dds":0.326530612244898,"last_synced_commit":"2583094f81731073454eddeed38228512e68fec9"},"previous_names":["ukhomeoffice/repo-security-scanner"],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techjacker%2Frepo-security-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techjacker%2Frepo-security-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techjacker%2Frepo-security-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techjacker%2Frepo-security-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/techjacker","download_url":"https://codeload.github.com/techjacker/repo-security-scanner/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254535826,"owners_count":22087398,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","security","security-audit"],"created_at":"2024-07-30T18:01:29.876Z","updated_at":"2025-05-16T13:04:33.183Z","avatar_url":"https://github.com/techjacker.png","language":"Go","funding_links":[],"categories":["Go","security"],"sub_categories":[],"readme":"[![goreleaser](https://github.com/techjacker/repo-security-scanner/actions/workflows/release.yaml/badge.svg)](https://github.com/techjacker/repo-security-scanner/actions/workflows/release.yaml)\n\n# repo-security-scanner\n\n- CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys\n- Run it against your entire repo's history by piping the output from `git log -p`\n\n-----------------------------------------------------------\n\n## Installation\n1. [Download](../../releases) the latest stable release of the CLI tool for your architecture\n2. Extract the tar and move the ```scanrepo``` binary to somewhere in your `$PATH`, eg `/usr/bin`\n\n-----------------------------------------------------------\n\n## Usage\n\nCheck the entire history of the current branch for secrets.\n\n```\n$ git log -p | scanrepo\n\n------------------\nViolation 1\nCommit: 4cc087a1b4731d1017844cc86323df43068b0409\nFile: web/src/db/seed.sql\nReason: \"SQL dump file\"\n\n------------------\nViolation 2\nCommit: 142e6019248c0d53a5240242ed1a75c0cc110a0b\nFile: config/passwords.ini\nReason: \"Contains word: password\"\n\n...\n```\n\n-----------------------------------------------------------\n### Add false positives to `.secignore`\n\n```\n$ cat .secignore\nfile/that/is/not/really/a/secret/but/looks/like/one/to/diffence\nthese/pems/are/ok/*.pem\n```\n\n[See example in this repo](./.secignore).\n\n\n-----------------------------------------------------------\n## Notifications\nWork in progress.\n\n### Local Testing\n#### Set environment variables needed\nCreate `env` file and update environment variables.\n```\n$ cp .env{.example,}\n# update .env values\n$ vi .env\n$ source .env\n```\n\n#### Launch containers\n```\n$ docker-compose up -d\n```\n\n#### Run test offenses\n```\n$ make test-run-offenses\n```\n\n\n### Debugging Elastalert\n```\n$ docker exec -it \u003celastalert_container_hash\u003e sh\n# run elastalert test rule utility within elastalert container\n$ elastalert-test-rule --config $ELASTALERT_CONFIG --count-only \"$RULES_DIRECTORY/new_violation.yaml\"\n$ elastalert-test-rule --alert --config $ELASTALERT_CONFIG \"$RULES_DIRECTORY/new_violation.yaml\"\n# run elastalert in debug mode\n$ elastalert --config \"$ELASTALERT_CONFIG\" --rule \"$RULES_DIRECTORY/new_violation.yaml\" --debug\n```\n\n#### Logs\n```\n$ tail -f /log/elastalert_new_violation_rule.log\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechjacker%2Frepo-security-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechjacker%2Frepo-security-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechjacker%2Frepo-security-scanner/lists"}