git-secret-scanner


- Name: git-secret-scanner
- Version: 0.3.3
- Summary: Find secrets in git repositories with TruffleHog & Gitleaks
- Upload time: 2023-09-20 14:22:17
- Author: Padok
- Requires Python: >=3.11
- Keywords: git, scan, secret, security
- Requirements: No requirements were recorded.
- Travis-CI: No Travis.
- Coveralls test coverage: No coveralls.

# git-secret-scanner

This tool aims to find secrets and credentials in git repositories owned by Organizations or Groups using the libraries [TruffleHog](https://trufflesecurity.com/) & [Gitleaks](https://gitleaks.io/).

> **Warning**
> 
> This tool is only designed for Linux and macOS.
> The current version only supports GitLab and GitHub.

## Why this tool?

TruffleHog and Gitleaks are already designed to find secrets in git repositories. So you may wonder *"what is the purpose of a tool combining both scanners?"*

These two tools each have their own strengths and weaknesses:
- TruffleHog is very effective at classifying different secrets, but cannot find them all. It relies on detectors that can easily detect specific types of secrets, but not general secrets or general API keys.
- Gitleaks is able to find many more secrets, but is not as good as TruffleHog at classification. It contains fewer detectors and relies on string entropy to detect potential secrets that are not found by its detectors.

We designed this tool to combine the strengths of both tools in order to find as many secrets as possible and to classify them efficiently.
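
The sketch below illustrates the idea of combining a detector-based scan with an entropy-based scan and keeping the more specific classification. It is an added example, not code from `git-secret-scanner`, and it does not call TruffleHog or Gitleaks: the two regex rules, the 3.5 bits/char threshold, the record fields and the sample input are all assumptions made for illustration.

```python
import hashlib
import math
import re
from collections import Counter

# Constructed sample file content; none of these values are real credentials.
SAMPLE = '''aws_key = "AKIAABCDEFGHIJKLMNOP"
api_token = "q7Zp2LxV9mRt4KcW8bNy3HdS"
db_url = "postgres://app:summer2023@db.example.internal/app"
description = "the quick brown fox"'''

# Pattern detectors: precise classification, limited coverage (illustrative rules).
DETECTORS = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "uri-password": re.compile(r"\w+://[^:/\s]+:([^@\s]+)@"),
}
TOKEN = re.compile(r"[A-Za-z0-9_-]{20,}")  # candidate tokens for the entropy check

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def detector_scan(text):
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, rx in DETECTORS.items():
            for m in rx.finditer(line):
                yield {"line": lineno, "secret": m.group(1), "kind": kind}

def entropy_scan(text, threshold=3.5):
    for lineno, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN.findall(line):
            if entropy(tok) >= threshold:
                yield {"line": lineno, "secret": tok, "kind": "generic-high-entropy"}

def merge(text):
    """Union of both scans, keyed by line + secret digest; detector labels win."""
    merged = {}
    for source, scan in (("entropy", entropy_scan), ("detector", detector_scan)):
        for f in scan(text):
            # Key on a digest so the report never carries the raw secret.
            key = (f["line"], hashlib.sha256(f["secret"].encode()).hexdigest())
            entry = merged.setdefault(key, {"line": f["line"], "kind": f["kind"], "found_by": []})
            entry["found_by"].append(source)
            if source == "detector":
                entry["kind"] = f["kind"]
    return sorted(merged.values(), key=lambda e: e["line"])
```

On the sample, line 1 is found by both scans and keeps the detector's label, line 2 is found only by the entropy scan, and line 3 only by a detector.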

## Requirements

`git-secret-scanner` requires the following tools to work:
- [Python 3](https://www.python.org/downloads/) (>= 3.11)
- [pip](https://pip.pypa.io/en/stable/installation/)
- [git](https://git-scm.com/book/fr/v2/D%C3%A9marrage-rapide-Installation-de-Git)
- [TruffleHog](https://github.com/trufflesecurity/trufflehog) (>= 3.0)
- [Gitleaks](https://github.com/gitleaks/gitleaks) (>= 8.0)

You can easily check that all requirements are met with the commands below:

```bash
$ python --version
$ pip --version
$ git --version
$ trufflehog --version
$ gitleaks version
```

## Installation

### Using `pip`

The simplest way to install `git-secret-scanner` is with `pip`.

```bash
$ pip install git-secret-scanner
```

Then export your personal access token for [GitHub](https://docs.github.com/en/enterprise-server@3.4/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) or [GitLab](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html):

```bash
# GitHub
$ export GITHUB_TOKEN="<token>"
# GitLab
$ export GITLAB_TOKEN="<token>"
```

### From source

1. Clone the repository

```bash
$ git clone https://github.com/padok-team/git-secret-scanner.git # using https
# or
$ git clone git@github.com:padok-team/git-secret-scanner.git # using ssh
$ cd git-secret-scanner
```

2. Install the Python requirements to run the tool

```bash
$ pip install -r requirements.txt
```

3. Add your personal access token ([GitHub](https://docs.github.com/en/enterprise-server@3.4/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) / [GitLab](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html)) for your git SaaS in your environment variables:

```bash
# GitHub
$ export GITHUB_TOKEN="<token>"
# GitLab
$ export GITLAB_TOKEN="<token>"
```

> GitHub tokens require the `repo` scope, GitLab tokens require both `read_api` and `read_repository` scopes.

## Usage

For detailed usage information, run:

```bash
$ git-secret-scanner --help
```

### Examples

#### GitHub

Scan the repositories of the organization *my-org* and write the output in the file *output.csv*: 

```bash
$ git-secret-scanner github -o <my-org>
```

#### GitLab

Scan the repositories of the group *my-group* and write the output in the file *output.csv*: 

```bash
$ git-secret-scanner gitlab -o <my-group>
```

## Questions?

Open an issue to contact us or to give us suggestions. We are open to collaboration!

## License

[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
