
https://github.com/RichardoC/gitlab-secrets

This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
# Gitlab Secrets

This tool analyzes a given GitLab repository and searches for dangling or force-pushed commits that may contain secrets or other interesting information. Such commits are no longer reachable from any branch or tag, so they are invisible in the normal UI, but the objects usually still exist on the server and can be fetched by SHA.

It's based on which does the same for Github

## Requirements

- Python3
- [requests](https://pypi.org/project/requests/)

## Installation

```bash
git clone https://github.com/RichardoC/gitlab-secrets.git
cd gitlab-secrets
pip3 install requests
```

## Usage

To get a list of basic options and switches use:
```bash
python3 gitlab_scanner.py -h
```

You can run this script completely unauthenticated if you are checking public repositories, or authenticated with a personal access token generated by following [this guide](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).

The token requires the `read_api` scope; a token with more scopes than that only widens the blast radius if it leaks.

To export the token use:
```bash
export GITLAB_ACCOUNT_TOKEN=
```

To use against a custom instance of Gitlab
```bash
export GITLAB_INSTANCE_URL=
```

To run the script and scan a repository:
```bash
python3 gitlab_scanner.py /
```

An example repository for testing is

## Limitations

This can only detect dangling commits from the last [3 years](https://docs.gitlab.com/ee/api/events.html#event-time-period-limit) because candidate commits are discovered through the project's push events, and GitLab removes events older than that. Commits that the server has already garbage-collected cannot be retrieved even if an event still names them.
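The following is an added example, not code from the gitlab-secrets project, that rebuilds the core idea behind the scanner on GitLab's documented v4 API: every push event carries `push_data.commit_from` and `push_data.commit_to`; after a force-push the old head is in no branch, and after a branch deletion the deleted head is in no branch, yet both can normally still be fetched by SHA. The example collects those SHAs, asks the `commits/:sha/refs` endpoint whether anything still points at them, and greps the diff of each dangling commit for a few secret patterns. The event shapes, the 40-character placeholder SHAs, the diff and the AWS documentation example key are constructed sample data; the pattern list, environment variable names and `main()` flow are this example's own assumptions.

```python
"""Added example (not the project's code): find dangling commits via GitLab push events
and grep their diffs for likely secrets. Only main() touches the network."""
import json
import os
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# Deliberately small pattern set (assumption); extend for your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}


def candidate_shas(events):
    """Every SHA named in a push event, keyed to the latest event that mentions it.
    A force-push looks like a normal 'pushed' event; what gives it away is that
    commit_from (the old head) is afterwards in no branch. A 'removed' event's
    commit_from is the head of a deleted branch."""
    seen = {}
    for ev in events:
        pd = ev.get("push_data") or {}
        for role in ("commit_from", "commit_to"):
            sha = pd.get(role)
            if sha:
                seen[sha] = {"ref": pd.get("ref"), "action": pd.get("action"),
                             "role": role, "created_at": ev.get("created_at")}
    return seen


def find_dangling(events, is_reachable):
    """Candidate SHAs for which is_reachable(sha) is False."""
    return {sha: ctx for sha, ctx in candidate_shas(events).items() if not is_reachable(sha)}


def scan_diff_for_secrets(diff_text):
    """Match SECRET_PATTERNS against added lines of a unified diff only."""
    hits = []
    for line in diff_text.splitlines():
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for name, pat in SECRET_PATTERNS.items():
            hits.extend((name, m.group(0)) for m in pat.finditer(line))
    return hits


# --- live access, used only from main(); endpoints are GitLab's documented v4 API ---
def gitlab_get(path, params=None):
    base = os.environ.get("GITLAB_INSTANCE_URL", "https://gitlab.com").rstrip("/")
    url = f"{base}/api/v4{path}" + ("?" + urllib.parse.urlencode(params) if params else "")
    req = urllib.request.Request(url)
    token = os.environ.get("GITLAB_ACCOUNT_TOKEN")  # read_api scope; unset = anonymous
    if token:
        req.add_header("PRIVATE-TOKEN", token)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def paginate(path, params):
    page, out = 1, []
    while True:
        batch = gitlab_get(path, {**params, "per_page": 100, "page": page})
        if not batch:
            return out
        out.extend(batch)
        page += 1


def main(project_path):
    pid = urllib.parse.quote(project_path, safe="")  # "group/project" -> "group%2Fproject"
    events = paginate(f"/projects/{pid}/events", {"action": "pushed"})

    def reachable(sha):
        try:  # branches/tags containing the commit; [] means it is dangling
            return bool(gitlab_get(f"/projects/{pid}/repository/commits/{sha}/refs", {"type": "all"}))
        except urllib.error.HTTPError as e:
            if e.code == 404:  # already garbage-collected: nothing left to read, skip it
                return True
            raise

    for sha, ctx in find_dangling(events, reachable).items():
        diff = "\n".join(d.get("diff", "") for d in
                         gitlab_get(f"/projects/{pid}/repository/commits/{sha}/diff"))
        for name, match in scan_diff_for_secrets(diff):
            print(f"{sha} ({ctx['action']} {ctx['ref']} at {ctx['created_at']}): {name}: {match}")


# Constructed offline sample: main pushed aaa->bbb, then force-pushed bbb->ccc;
# branch feature (head ddd) deleted. Only aaa and ccc remain reachable.
A, B, C, D = "a" * 40, "b" * 40, "c" * 40, "d" * 40
SAMPLE_EVENTS = [
    {"created_at": "2024-01-01T10:00:00Z", "push_data": {"action": "pushed", "ref": "main", "commit_from": A, "commit_to": B}},
    {"created_at": "2024-01-02T10:00:00Z", "push_data": {"action": "pushed", "ref": "main", "commit_from": B, "commit_to": C}},
    {"created_at": "2024-01-03T10:00:00Z", "push_data": {"action": "removed", "ref": "feature", "commit_from": D, "commit_to": None}},
]
SAMPLE_LIVE = {A, C}
SAMPLE_DIFF = "\n".join([  # AKIAIOSFODNN7EXAMPLE is the AWS documentation example key
    "--- a/config.py", "+++ b/config.py", "@@ -1,2 +1,2 @@", " DEBUG = False",
    "-password = 'changeme-now'", "+AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'"])

if __name__ == "__main__":
    main(sys.argv[1])
```

Run it as `python3 dangling.py group/project` with the same two environment variables the scanner uses. The refs lookup is one request per candidate SHA; on a busy project, building the reachable set once from `repository/branches` plus `repository/commits?ref_name=` is cheaper, at the cost of more code.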

## License

Licensed under either of

* Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or )
* MIT license ([LICENSE-MIT](LICENSE-MIT) or )

at your option.

### Contribution

Unless you explicitly state otherwise, any contribution intentionally
submitted for inclusion in the work by you, as defined in the Apache-2.0
license, shall be dual licensed as above, without any additional terms or
conditions.