Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/UKHomeOffice/repo-security-scanner
CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
https://github.com/UKHomeOffice/repo-security-scanner
golang security security-audit
Last synced: 3 months ago
JSON representation
CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
- Host: GitHub
- URL: https://github.com/UKHomeOffice/repo-security-scanner
- Owner: techjacker
- License: mit
- Created: 2017-01-13T15:26:02.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2023-03-07T02:18:18.000Z (over 1 year ago)
- Last Synced: 2024-04-12T23:48:52.583Z (7 months ago)
- Topics: golang, security, security-audit
- Language: Go
- Homepage:
- Size: 135 KB
- Stars: 1,132
- Watchers: 30
- Forks: 88
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[![goreleaser](https://github.com/techjacker/repo-security-scanner/actions/workflows/release.yaml/badge.svg)](https://github.com/techjacker/repo-security-scanner/actions/workflows/release.yaml)
# repo-security-scanner
- CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
- Run it against your entire repo's history by piping the output from `git log -p`-----------------------------------------------------------
## Installation
1. [Download](../../releases) the latest stable release of the CLI tool for your architecture
2. Extract the tar and move the ```scanrepo``` binary to somewhere in your `$PATH`, eg `/usr/bin`-----------------------------------------------------------
## Usage
Check the entire history of the current branch for secrets.
```
$ git log -p | scanrepo------------------
Violation 1
Commit: 4cc087a1b4731d1017844cc86323df43068b0409
File: web/src/db/seed.sql
Reason: "SQL dump file"------------------
Violation 2
Commit: 142e6019248c0d53a5240242ed1a75c0cc110a0b
File: config/passwords.ini
Reason: "Contains word: password"...
```-----------------------------------------------------------
### Add false positives to `.secignore````
$ cat .secignore
file/that/is/not/really/a/secret/but/looks/like/one/to/diffence
these/pems/are/ok/*.pem
```[See example in this repo](./.secignore).
-----------------------------------------------------------
## Notifications
Work in progress.### Local Testing
#### Set environment variables needed
Create `env` file and update environment variables.
```
$ cp .env{.example,}
# update .env values
$ vi .env
$ source .env
```#### Launch containers
```
$ docker-compose up -d
```#### Run test offenses
```
$ make test-run-offenses
```### Debugging Elastalert
```
$ docker exec -it sh
# run elastalert test rule utility within elastalert container
$ elastalert-test-rule --config $ELASTALERT_CONFIG --count-only "$RULES_DIRECTORY/new_violation.yaml"
$ elastalert-test-rule --alert --config $ELASTALERT_CONFIG "$RULES_DIRECTORY/new_violation.yaml"
# run elastalert in debug mode
$ elastalert --config "$ELASTALERT_CONFIG" --rule "$RULES_DIRECTORY/new_violation.yaml" --debug
```#### Logs
```
$ tail -f /log/elastalert_new_violation_rule.log
```