https://github.com/foomo/obacht
Security configuration scanner for developer environments
foomo foomo-obacht security security-tools
Last synced: 11 days ago
- Host: GitHub
- URL: https://github.com/foomo/obacht
- Owner: foomo
- License: mit
- Created: 2026-04-28T06:03:54.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-05-19T06:54:56.000Z (25 days ago)
- Last Synced: 2026-05-19T08:53:39.611Z (25 days ago)
- Topics: foomo, foomo-obacht, security, security-tools
- Language: Go
- Homepage: https://foomo.github.io/obacht/
- Size: 1.99 MB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
- Code of conduct: docs/CODE_OF_CONDUCT.md
- Security: docs/SECURITY.md
README
> Security scanner for developer environments
obacht inspects your local development setup for security misconfigurations — insecure file permissions, exposed credentials, weak SSH/Git settings, risky Docker access — using an embedded [OPA](https://www.openpolicyagent.org/) engine and Rego policies. It is lightweight, read-only, and requires no agent or endpoint management platform.
## Features
- **118 built-in rules** across 13 categories: SSH, Git, Docker, Kubernetes, env, shell, tools, PATH, OS, credentials, privacy, Claude Code, bumblebee
- **OPA-powered** with an embedded Rego engine — no external dependencies
- **Read-only collectors** — never modifies system state
- **Extensible** via `--rules-dir` for custom Rego policies
- **Pretty TUI** or machine-readable JSON output for CI
## Installation
Homebrew (macOS / Linux)
```shell
brew install foomo/tap/obacht
```
See the [foomo/homebrew-tap](https://github.com/foomo/homebrew-tap) repository.
Docker
```shell
docker run --rm foomo/obacht:latest scan
```
Multi-arch images (`amd64`, `arm64`) are published to [Docker Hub](https://hub.docker.com/r/foomo/obacht).
mise
```shell
mise use github:foomo/obacht
```
or run directly:
```shell
mise x github:foomo/obacht -- scan
```
See [mise.jdx.dev](https://mise.jdx.dev).
Binary release
Download the archive for your OS/arch from the [releases page](https://github.com/foomo/obacht/releases) and extract `obacht` into your `$PATH`.
go install
```shell
go install github.com/foomo/obacht/cmd/obacht@latest
```
Requires Go 1.26+.
## Usage
```shell
$ obacht --help
Security configuration scanner for developer environments

Usage:
  obacht [flags]
  obacht [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  doctor      Check obacht dependencies and configuration
  explain     Show detailed information about a rule
  help        Help about any command
  scan        Scan the local development environment for security issues

Flags:
      --format string      output format (pretty, json) (default "pretty")
  -h, --help               help for obacht
      --rules-dir string   use rules from this directory instead of embedded rules
      --verbose            enable verbose output
  -v, --version            version for obacht

Use "obacht [command] --help" for more information about a command.
```
## Resources
- [Foomo Security](https://www.foomo.org/blog/tag/security/)
- [Pareto Security](https://github.com/ParetoSecurity/pareto-mac)
## How to Contribute
Contributions are welcome! Please read the [contributing guide](CONTRIBUTING.md).

## License
Distributed under the MIT License. See the license file within the code for more details.
_Made with ♥ [foomo](https://www.foomo.org) by [bestbytes](https://www.bestbytes.com)_