<div align="center">
<img src="https://raw.githubusercontent.com/spark1security/n0s1/main/docs/imgs/logo.png" width="200">
[![GitHub Release][release-img]][release]
[![License: Apache-2.0][license-img]][license]
![Docker Pulls][docker-pulls]
[🏠 Homepage][homepage]
[📖 Documentation][docs]
</div>
# n0s1 - Secret Scanner
n0s1 ([pronunciation](https://en.wiktionary.org/wiki/nosy#Pronunciation)) is a secret scanner for Jira, Confluence, Asana, Wrike and Linear.app. It scans all tickets/items/issues within the chosen platform in search of any leaked secrets in the titles, bodies, and comments. It is open-source and it can be easily extended to support scanning many others Project Management and Issue Tracker platforms.
These secrets are identified by comparing them against an adaptable configuration file named [regex.yaml](https://github.com/spark1security/n0s1/blob/main/src/n0s1/config/regex.yaml). Alternative TOML format is also supported: [regex.toml](https://github.com/spark1security/n0s1/blob/main/src/n0s1/config/regex.toml). The scanner specifically looks for sensitive information, which includes:
* Github Personal Access Tokens
* GitLab Personal Access Tokens
* AWS Access Tokens
* PKCS8 private keys
* RSA private keys
* SSH private keys
* npm access tokens
### Currently supported target platforms:
* [Jira](https://www.atlassian.com/software/jira)
* [Confluence](https://www.atlassian.com/software/confluence)
* [Asana](https://asana.com)
* [Wrike](https://www.wrike.com)
* [Linear](https://linear.app/)
### Install
```bash
python3 -m ensurepip --upgrade
python3 -m pip install --upgrade n0s1
n0s1 --help
```
### Quick Start
[CLI:](https://pypi.org/project/n0s1/)
```bash
python3 -m pip install n0s1
n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
```
[Docker:](https://hub.docker.com/r/spark1security/n0s1)
```bash
docker run spark1security/n0s1 jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
```
[From source:](https://github.com/spark1security/n0s1#quick-start)
```bash
git clone https://github.com/spark1security/n0s1.git
cd n0s1/src/n0s1
python3 -m venv n0s1_python
source n0s1_python/bin/activate
python3 -m pip install -r ../../requirements.txt
python3 n0s1.py jira_scan --server "https://<YOUR_JIRA_SERVER>.atlassian.net" --api-key "<YOUR_JIRA_API_TOKEN>"
deactivate
```
[GitHub Actions:](https://github.com/marketplace/actions/spark-1-n0s1)
```yaml
jobs:
jira_secret_scanning:
steps:
- uses: spark1security/n0s1-action@main
env:
JIRA_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
with:
scan-target: 'jira_scan'
user-email: 'service_account@<YOUR_COMPANY>.atlassian.net'
platform-url: 'https://<YOUR_COMPANY>.atlassian.net'
```
GitLab CI - Add the following job to your .gitlab-ci.yml file:
```yaml
jira-scan:
stage: test
image:
name: spark1security/n0s1
entrypoint: [""]
script:
- n0s1 jira_scan --email "service_account@<YOUR_COMPANY>.atlassian.net" --api-key $JIRA_TOKEN --server "https://<YOUR_COMPANY>.atlassian.net" --report-file gl-dast-report.json --report-format gitlab
- apt-get update
- apt-get -y install jq
- cat gl-dast-report.json | jq
artifacts:
reports:
dast:
- gl-dast-report.json
```
## Want more? Check out Spark 1
If you liked n0s1, you will love Spark 1 which builds on top of n0s1 to provide even more enhanced capabilities for a complete security management offering.
Don't forget to check out the <https://spark1.us> website for more information about our products and services.
If you'd like to contact Spark 1 or request a demo, please use the [free consultation form](https://spark1.us/contact-us-1).
## Community
n0s1 is a [Spark 1](https://spark1.us) open source project.
Learn about our open source work and portfolio [here](https://spark1.us/n0s1).
Contact us about any matter by opening a GitHub Discussion [here](https://github.com/spark1security/n0s1/issues)
[docker-pulls]: https://img.shields.io/docker/pulls/spark1security/n0s1?logo=docker&label=docker%20pulls%20%2F%20n0s1
[release]: https://github.com/spark1security/n0s1/releases
[release-img]: https://img.shields.io/github/v/release/spark1security/n0s1.svg?logo=github
[github-downloads-img]: https://img.shields.io/github/downloads/spark1security/n0s1/total?logo=github
[license]: https://github.com/spark1security/n0s1/blob/main/LICENSE
[license-img]: https://img.shields.io/badge/license-GPLv3-blue
[homepage]: https://spark1.us/n0s1
[docs]: https://docs.google.com/document/d/1p8L2dOdCwcIphMprtnewCoKOy9VeQFcC9ZIsLUWs_xE/edit?usp=sharing
Raw data
{
"_id": null,
"home_page": "https://spark1.us/n0s1",
"name": "n0s1",
"maintainer": null,
"docs_url": null,
"requires_python": "<4,>=3.8",
"maintainer_email": null,
"keywords": "security, cybersecurity, scanner, secret scanner, secret leak, data leak, Jira, Confluence, Asana, Wrike, Linear, security scanner",
"author": "Spark 1",
"author_email": "contact@spark1.us",
"download_url": "https://files.pythonhosted.org/packages/24/2b/6da19bc7c22a60d41f314b3e3cbc34b401f67301aa7364298f000d70355a/n0s1-1.0.17.tar.gz",
"platform": null,
"description": "<div align=\"center\">\n<img src=\"https://raw.githubusercontent.com/spark1security/n0s1/main/docs/imgs/logo.png\" width=\"200\">\n\n[![GitHub Release][release-img]][release]\n[![License: Apache-2.0][license-img]][license]\n![Docker Pulls][docker-pulls]\n\n[\ud83c\udfe0 Homepage][homepage]\n[\ud83d\udcd6 Documentation][docs]\n</div>\n\n\n# n0s1 - Secret Scanner\nn0s1 ([pronunciation](https://en.wiktionary.org/wiki/nosy#Pronunciation)) is a secret scanner for Jira, Confluence, Asana, Wrike and Linear.app. It scans all tickets/items/issues within the chosen platform in search of any leaked secrets in the titles, bodies, and comments. It is open-source and it can be easily extended to support scanning many others Project Management and Issue Tracker platforms.\n\nThese secrets are identified by comparing them against an adaptable configuration file named [regex.yaml](https://github.com/spark1security/n0s1/blob/main/src/n0s1/config/regex.yaml). Alternative TOML format is also supported: [regex.toml](https://github.com/spark1security/n0s1/blob/main/src/n0s1/config/regex.toml). The scanner specifically looks for sensitive information, which includes:\n* Github Personal Access Tokens\n* GitLab Personal Access Tokens\n* AWS Access Tokens\n* PKCS8 private keys\n* RSA private keys\n* SSH private keys\n* npm access tokens\n\n### Currently supported target platforms:\n* [Jira](https://www.atlassian.com/software/jira)\n* [Confluence](https://www.atlassian.com/software/confluence)\n* [Asana](https://asana.com)\n* [Wrike](https://www.wrike.com)\n* [Linear](https://linear.app/)\n\n### Install\n```bash\npython3 -m ensurepip --upgrade\npython3 -m pip install --upgrade n0s1\nn0s1 --help\n```\n\n### Quick Start\n[CLI:](https://pypi.org/project/n0s1/)\n```bash\npython3 -m pip install n0s1\nn0s1 jira_scan --server \"https://<YOUR_JIRA_SERVER>.atlassian.net\" --api-key \"<YOUR_JIRA_API_TOKEN>\"\n```\n\n[Docker:](https://hub.docker.com/r/spark1security/n0s1)\n```bash\ndocker run spark1security/n0s1 jira_scan --server \"https://<YOUR_JIRA_SERVER>.atlassian.net\" --api-key \"<YOUR_JIRA_API_TOKEN>\"\n```\n\n[From source:](https://github.com/spark1security/n0s1#quick-start)\n```bash\ngit clone https://github.com/spark1security/n0s1.git\ncd n0s1/src/n0s1\npython3 -m venv n0s1_python\nsource n0s1_python/bin/activate\npython3 -m pip install -r ../../requirements.txt\npython3 n0s1.py jira_scan --server \"https://<YOUR_JIRA_SERVER>.atlassian.net\" --api-key \"<YOUR_JIRA_API_TOKEN>\"\ndeactivate\n```\n\n[GitHub Actions:](https://github.com/marketplace/actions/spark-1-n0s1)\n```yaml\njobs:\n jira_secret_scanning:\n steps:\n - uses: spark1security/n0s1-action@main\n env:\n JIRA_TOKEN: ${{ secrets.JIRA_API_TOKEN }}\n with:\n scan-target: 'jira_scan'\n user-email: 'service_account@<YOUR_COMPANY>.atlassian.net'\n platform-url: 'https://<YOUR_COMPANY>.atlassian.net'\n```\n\nGitLab CI - Add the following job to your .gitlab-ci.yml file:\n```yaml\njira-scan:\n stage: test\n image:\n name: spark1security/n0s1\n entrypoint: [\"\"]\n script:\n - n0s1 jira_scan --email \"service_account@<YOUR_COMPANY>.atlassian.net\" --api-key $JIRA_TOKEN --server \"https://<YOUR_COMPANY>.atlassian.net\" --report-file gl-dast-report.json --report-format gitlab\n - apt-get update\n - apt-get -y install jq\n - cat gl-dast-report.json | jq\n artifacts:\n reports:\n dast:\n - gl-dast-report.json\n```\n\n## Want more? Check out Spark 1\n\nIf you liked n0s1, you will love Spark 1 which builds on top of n0s1 to provide even more enhanced capabilities for a complete security management offering.\n\nDon't forget to check out the <https://spark1.us> website for more information about our products and services.\n\nIf you'd like to contact Spark 1 or request a demo, please use the [free consultation form](https://spark1.us/contact-us-1).\n\n## Community\n\nn0s1 is a [Spark 1](https://spark1.us) open source project. \nLearn about our open source work and portfolio [here](https://spark1.us/n0s1). \nContact us about any matter by opening a GitHub Discussion [here](https://github.com/spark1security/n0s1/issues)\n\n\n\n[docker-pulls]: https://img.shields.io/docker/pulls/spark1security/n0s1?logo=docker&label=docker%20pulls%20%2F%20n0s1\n[release]: https://github.com/spark1security/n0s1/releases\n[release-img]: https://img.shields.io/github/v/release/spark1security/n0s1.svg?logo=github\n[github-downloads-img]: https://img.shields.io/github/downloads/spark1security/n0s1/total?logo=github\n[license]: https://github.com/spark1security/n0s1/blob/main/LICENSE\n[license-img]: https://img.shields.io/badge/license-GPLv3-blue\n[homepage]: https://spark1.us/n0s1\n[docs]: https://docs.google.com/document/d/1p8L2dOdCwcIphMprtnewCoKOy9VeQFcC9ZIsLUWs_xE/edit?usp=sharing\n\n\n\n",
"bugtrack_url": null,
"license": null,
"summary": "Secret Scanner for Jira, Confluence, Asana, Wrike and Linear. Prevent credential leaks with n0s1.",
"version": "1.0.17",
"project_urls": {
"Bug Reports": "https://github.com/spark1security/n0s1/issues",
"Funding": "https://gofund.me/c6a0520c",
"Homepage": "https://spark1.us/n0s1",
"Source": "https://github.com/spark1security/n0s1"
},
"split_keywords": [
"security",
" cybersecurity",
" scanner",
" secret scanner",
" secret leak",
" data leak",
" jira",
" confluence",
" asana",
" wrike",
" linear",
" security scanner"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "36b7584ee42889a31ca36ed68348402da895c29fec47beb6844060d0bd29fdf6",
"md5": "ddfb1369be222f2c96afe547e012774f",
"sha256": "016e7e5c62ff8221ea1bf2ec7724e4413bba30578ea25b329c32a0d00a122ac9"
},
"downloads": -1,
"filename": "n0s1-1.0.17-py3-none-any.whl",
"has_sig": false,
"md5_digest": "ddfb1369be222f2c96afe547e012774f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4,>=3.8",
"size": 60310,
"upload_time": "2024-03-21T05:11:15",
"upload_time_iso_8601": "2024-03-21T05:11:15.308749Z",
"url": "https://files.pythonhosted.org/packages/36/b7/584ee42889a31ca36ed68348402da895c29fec47beb6844060d0bd29fdf6/n0s1-1.0.17-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "242b6da19bc7c22a60d41f314b3e3cbc34b401f67301aa7364298f000d70355a",
"md5": "e78635bac9397ecd01a815c0625e476a",
"sha256": "909913d23e5b6f5cb5274c2d7bc32ee7fb77e6c1cbc1864672c61ada8b8d7c00"
},
"downloads": -1,
"filename": "n0s1-1.0.17.tar.gz",
"has_sig": false,
"md5_digest": "e78635bac9397ecd01a815c0625e476a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4,>=3.8",
"size": 52286,
"upload_time": "2024-03-21T05:11:17",
"upload_time_iso_8601": "2024-03-21T05:11:17.258541Z",
"url": "https://files.pythonhosted.org/packages/24/2b/6da19bc7c22a60d41f314b3e3cbc34b401f67301aa7364298f000d70355a/n0s1-1.0.17.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-21 05:11:17",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "spark1security",
"github_project": "n0s1",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "n0s1"
}
JSON
