Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/boringtools/git-alerts
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
https://github.com/boringtools/git-alerts
devsecops github-secrets github-security security security-tools threat-hunting
Last synced: 3 months ago
JSON representation
Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files
- Host: GitHub
- URL: https://github.com/boringtools/git-alerts
- Owner: boringtools
- License: apache-2.0
- Created: 2023-01-10T17:38:17.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-04-26T15:33:52.000Z (6 months ago)
- Last Synced: 2024-06-21T03:33:43.469Z (5 months ago)
- Topics: devsecops, github-secrets, github-security, security, security-tools, threat-hunting
- Language: Go
- Homepage:
- Size: 56.6 KB
- Stars: 193
- Watchers: 3
- Forks: 6
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- Awesome - Git-alerts - Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files (Communication and Collaboration Tools / Version Control, Wiki, Knowledge base)
README
# GitAlerts
[](https://goreportcard.com/report/github.com/boringtools/git-alerts)
## What problem does it solve?
GitHub repositories created under any organization can be controlled by the GitHub administrators. However any repository created under an organization's user account is not controllable unless the organisation has adopted the GitHub enterprise-managed user (EMU) model.
Any public repository under the organization's user account that was created accidentally or for testing purposes could leak secrets, internal information, code etc. GitAlerts helps you detect and monitor such cases
### Example
> Can be controlled by the administrator `https://github.com//`
> Can't be controlled by the administrator `https://github.com//`
## Getting Started
- Download the binary file for your operating system / architecture from the [Official GitHub Releases](https://github.com/boringtools/git-alerts/releases)
- You can also install `git-alerts` using homebrew in MacOS and Linux
```bash
brew tap boringtools/tap
brew install boringtools/tap/git-alerts
```
- Alternatively, build from source
> Ensure $(go env GOPATH)/bin is in your $PATH
```bash
go install github.com/boringtools/git-alerts@main
```
Setup GitHub personal access token [(PAT)](https://github.com/boringtools/git-alerts/blob/main/docs/github.md) as the environment variable, without PAT GitHub will only allow `60` request per hour.
```bash
export GITHUB_PAT=YOUR_GITHUB_PAT
```
## Usage
Scan GitHub repositories belonging to your organization users
```bash
git-alerts scan --org your-org-name
```
Monitor new public repositories being created by your organization users
```bash
git-alerts monitor --org your-org-name
```
Monitor new public repositories being created by your organization users with slack notification
```bash
git-alerts monitor --org your-org-name --slack-alert
```
Setup slack webhook token as the environment variable
```bash
export SLACK_HOOK=SLACK_WEBHOOK_URL
```
Scan and generate report with custom path
```bash
git-alerts scan --org your-org-name --report-path /your/file/path/
```
Scan with secrets detection using Trufflehog
> Ensure trufflehog is installed in your machine
```bash
git-alerts detect --org your-org-name
```
## Documentation
[docs](https://github.com/boringtools/git-alerts/tree/main/docs)
> Please feel to reach out for any feedback and suggestions
## Star History
[](https://star-history.com/#boringtools/git-alerts&Date)