# GitHub IOC Scanner
A powerful command-line tool for scanning GitHub repositories to detect Indicators of Compromise (IOCs) in package dependencies across multiple programming languages and package managers.
[Python 3.8+](https://www.python.org/downloads/) | [MIT License](https://opensource.org/licenses/MIT) | [GitHub](https://github.com/christianherweg0807/github_package_scanner)
## 🚀 Features
- **Multi-Language Support**: JavaScript/Node.js, Python, Ruby, PHP, Go, Rust
- **SBOM Integration**: Native support for Software Bill of Materials (SPDX, CycloneDX formats)
- **Flexible Scanning**: Organization-wide, team-specific, or individual repository scanning
- **High Performance**: Parallel processing with intelligent batching and caching
- **Real-time Progress**: Live progress tracking with ETA calculations
- **Supply Chain Security**: Detect compromised packages and typosquatting attacks
- **Comprehensive IOCs**: Pre-loaded with 2138+ known malicious packages including recent npm attacks
## 📦 Supported Package Managers & SBOM Formats
| Language | Package Managers | Files Scanned |
|----------|------------------|---------------|
| **JavaScript/Node.js** | npm, yarn, pnpm, bun | `package.json`, `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `bun.lockb` |
| **Python** | pip, pipenv, poetry | `requirements.txt`, `Pipfile.lock`, `poetry.lock`, `pyproject.toml` |
| **Ruby** | bundler | `Gemfile.lock` |
| **PHP** | composer | `composer.lock` |
| **Go** | go modules | `go.mod`, `go.sum` |
| **Rust** | cargo | `Cargo.lock` |
### SBOM (Software Bill of Materials) Support
| Format | File Extensions | Description |
|--------|----------------|-------------|
| **SPDX** | `.json`, `.xml` | Industry standard SBOM format |
| **CycloneDX** | `.json`, `.xml` | OWASP SBOM standard |
| **Generic** | `.json`, `.xml` | Custom SBOM formats |
**Supported SBOM Files**: `sbom.json`, `bom.json`, `cyclonedx.json`, `spdx.json`, `software-bill-of-materials.json`, and XML variants
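Both SBOM formats above carry the same facts the lockfile parsers work from (ecosystem, package name, version), normally via a package URL (purl). The following is an added example, not the project's own parser (the scanner's SBOM code is not shown on this page): it walks a CycloneDX `components` list, including nested components, and an SPDX `packages` list, takes the purl where one is present and falls back to the bare name/version otherwise. Both SBOM documents are constructed for the example.

```python
"""Parse CycloneDX and SPDX JSON SBOMs into (ecosystem, name, version) tuples.

Added example for this README, not the github-ioc-scanner project's own
parser (its SBOM code is not shown on this page). Both documents below are
constructed for the example.
"""
import json
from urllib.parse import unquote

# Constructed CycloneDX 1.5 document, including one nested component.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "components": [{"type": "library", "name": "nested-dep", "version": "0.0.1",
                         "purl": "pkg:npm/nested-dep@0.0.1"}]},
        {"type": "library", "group": "@scope", "name": "widget", "version": "2.0.1",
         "purl": "pkg:npm/%40scope/widget@2.0.1"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
    ],
})

# Constructed SPDX 2.3 document; the purl lives in externalRefs when present.
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [
        {"SPDXID": "SPDXRef-Package-1", "name": "lodash", "versionInfo": "4.17.21",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:npm/lodash@4.17.21"}]},
        {"SPDXID": "SPDXRef-Package-2", "name": "rails", "versionInfo": "7.1.3",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:gem/rails@7.1.3"}]},
        {"SPDXID": "SPDXRef-Package-3", "name": "no-purl-pkg", "versionInfo": "0.1.0"},
    ],
})


def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath.

    Returns (ecosystem, name, version) with version None when absent, or None
    if the string is not a purl. Namespace segments stay in the name after
    percent-decoding, so an npm scope comes back as "@scope/name".
    """
    if not purl.startswith("pkg:"):
        return None
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    ecosystem, _, path = body.partition("/")
    head, sep, tail = path.rpartition("@")          # version follows the last '@'
    name_path, version = (head, tail) if sep else (path, None)
    name = "/".join(unquote(seg) for seg in name_path.split("/") if seg)
    return ecosystem, name, version


def detect_format(doc):
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "spdxVersion" in doc:
        return "spdx"
    return None


def _cyclonedx_components(doc):
    queue = list(doc.get("components", []))
    while queue:                                      # breadth-first over nested components
        comp = queue.pop(0)
        queue.extend(comp.get("components", []))
        parsed = parse_purl(comp["purl"]) if comp.get("purl") else None
        if parsed:
            yield parsed
        else:                                         # no purl: name/version only, ecosystem unknown
            group = comp.get("group")
            yield (None, f"{group}/{comp['name']}" if group else comp["name"], comp.get("version"))


def _spdx_packages(doc):
    for pkg in doc.get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        parsed = parse_purl(purl) if purl else None
        yield parsed if parsed else (None, pkg.get("name"), pkg.get("versionInfo"))


def parse_sbom(text):
    """Return [(ecosystem, name, version), ...]; ValueError for unknown formats."""
    doc = json.loads(text)
    fmt = detect_format(doc)
    if fmt == "cyclonedx":
        return list(_cyclonedx_components(doc))
    if fmt == "spdx":
        return list(_spdx_packages(doc))
    raise ValueError("not a CycloneDX or SPDX JSON document")
```

The purl is the reliable key: an SBOM `name` field alone does not say which registry a package came from, and a name that is benign on npm may be an IOC on PyPI. Entries without a purl (the third SPDX package above) come back with ecosystem `None` and should be matched with care, or reported as unverifiable.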
## 🛠️ Installation
### From PyPI (Recommended)
```bash
pip install github-ioc-scanner
```
### From Source
```bash
git clone https://github.com/christianherweg0807/github_package_scanner.git
cd github_package_scanner
pip install -e .
```
### Development Installation
```bash
git clone https://github.com/christianherweg0807/github_package_scanner.git
cd github_package_scanner
pip install -e ".[dev]"
```
## ⚡ Quick Start
### 1. Set up GitHub Token
```bash
export GITHUB_TOKEN="your_github_token_here"
```
Grant the token the least access the scan needs: on a classic personal access token, `repo` is required to read private repository contents and `read:org` is required for `--team` (listing an organization's teams and their repositories). Public-only scans work with a token that has neither scope. Do not commit the token; export it in the shell session or inject it from a secrets manager.
### 2. Basic Usage
```bash
# Scan all repositories in an organization
github-ioc-scan --org your-org
# Scan a specific repository
github-ioc-scan --org your-org --repo your-repo
# Fast scan (root-level files only)
github-ioc-scan --org your-org --fast
```
## 📋 Usage Examples
### Organization Scanning
Scan all repositories in an organization:
```bash
github-ioc-scan --org your-org
```
### Team-based Scanning
Scan repositories belonging to a specific team:
```bash
github-ioc-scan --org your-org --team security-team
```
### Repository-specific Scanning
Scan a specific repository:
```bash
github-ioc-scan --org your-org --repo your-repo
```
### Fast Mode
For quick assessments, use fast mode to scan only root-level files:
```bash
github-ioc-scan --org your-org --fast
```
### Include Archived Repositories
By default, archived repositories are skipped. Include them with:
```bash
github-ioc-scan --org your-org --include-archived
```
### SBOM Scanning
Scan Software Bill of Materials files alongside traditional lockfiles:
```bash
# Default: Scan both lockfiles and SBOM files
github-ioc-scan --org your-org
# Scan only SBOM files (skip traditional lockfiles)
github-ioc-scan --org your-org --sbom-only
# Disable SBOM scanning (traditional lockfiles only)
github-ioc-scan --org your-org --disable-sbom
```
**Supported SBOM Formats:**
- SPDX (JSON/XML): `spdx.json`, `spdx.xml`
- CycloneDX (JSON/XML): `cyclonedx.json`, `bom.xml`
- Generic formats: `sbom.json`, `software-bill-of-materials.json`
### Batch Processing
For large organizations, use batch processing for optimal performance. GitHub applies secondary rate limits to bursts of concurrent requests, so raise `--max-concurrent` gradually and check `--verbose` output for rate-limit responses:
```bash
# Aggressive batching strategy
github-ioc-scan --org your-org --batch-strategy aggressive
# Custom concurrency limits
github-ioc-scan --org your-org --max-concurrent 10
# Enable cross-repository batching
github-ioc-scan --org your-org --enable-cross-repo-batching
```
### Verbose Output
Get detailed information during scanning:
```bash
github-ioc-scan --org your-org --verbose
```
## 🔍 Current IOC Coverage
The scanner includes comprehensive IOC definitions for:
### 🚨 Latest npm Supply Chain Attack (September 2025)
**Heise Security Report**: [Neuer NPM-Großangriff: Selbst-vermehrende Malware infiziert Dutzende Pakete](https://www.heise.de/news/Neuer-NPM-Grossangriff-Selbst-vermehrende-Malware-infiziert-Dutzende-Pakete-10651111.html) (English: "New large-scale npm attack: self-replicating malware infects dozens of packages")

✅ **Fully Covered**: All packages named in this report are included in the built-in IOC database
### Recent Supply Chain Attacks
- **S1ngularity/NX Attack (August/September 2025)**: 2039+ compromised npm packages with self-replicating worm payload
- **Coverage**: Fully covered in built-in IOC database
- **Reference**: [Heise Security Report](https://www.heise.de/news/Neuer-NPM-Grossangriff-Selbst-vermehrende-Malware-infiziert-Dutzende-Pakete-10651111.html)
- **Technical Details**: [Aikido Security Analysis](https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again)
- **CrowdStrike Typosquatting Campaign**: 400+ malicious packages impersonating CrowdStrike
- **Shai-Hulud Attack (September 2025)**: 99+ compromised packages with advanced evasion techniques
- **Historical Attacks**: Various documented supply chain compromises
### Attack Types Detected
- **Typosquatting**: Packages with names similar to popular libraries
- **Dependency Confusion**: Malicious packages targeting internal dependencies
- **Compromised Packages**: Legitimate packages that were later compromised
- **Backdoored Libraries**: Libraries with hidden malicious functionality
### Total Coverage
- **2138+ IOC Definitions**: package/version pairs for known malicious packages
- **Regular Updates**: IOC definitions are updated as new campaigns are reported
- **Multi-language**: Coverage across all supported package managers
- **Current as of the 1.2.0 release (September 2025)**: Includes the npm supply chain attacks reported by Heise Security above

Detection is a lookup of exact package name and version against this list (the `IOC_PACKAGES` format described under Adding New IOCs), so a package at a version that is not listed is not reported. Keep the scanner updated and read a clean result as "no known IOC found", not as proof that a repository is uncompromised.
## 📊 Output Formats
### Standard Output
```
🔍 Scanning organization: your-org
📁 Found 45 repositories to scan
[████████████████████████████████] 100% | 45/45 repositories | ETA: 0s

⚠️ THREATS DETECTED:

Repository: your-org/frontend-app
├── package.json
│   └── 🚨 CRITICAL: malicious-package@1.0.0
│   └── IOC Source: s1ngularity_nx_attack_2024.py
│   └── Description: Compromised package from S1ngularity NX attack

📈 Scan Summary:
├── Repositories scanned: 45
├── Files analyzed: 127
├── Threats found: 1
└── Scan duration: 23.4s
```
### JSON Output
```bash
github-ioc-scan --org your-org --output json
```
## ⚙️ Configuration
### Environment Variables
| Variable | Description | Default |
|----------|-------------|---------|
| `GITHUB_TOKEN` | GitHub personal access token | Required |
| `GITHUB_IOC_CACHE_DIR` | Cache directory location | `~/.cache/github-ioc-scanner` |
| `GITHUB_IOC_LOG_LEVEL` | Logging level | `INFO` |
### Configuration File
Create a `config.yaml` file:
```yaml
github:
  token: "your_token_here"

scanning:
  fast_mode: false
  include_archived: false
  max_concurrent: 5

batch:
  strategy: "adaptive"
  enable_cross_repo_batching: true

cache:
  enabled: true
  ttl_hours: 24
```
Prefer `GITHUB_TOKEN` over a token in `config.yaml`; if you do keep one there, exclude the file from version control (`.gitignore`) and make it readable only by your own user.
## 🚀 Performance Features
### Intelligent Caching
- **File-level caching**: Avoid re-scanning unchanged files
- **ETag support**: Efficient GitHub API usage
- **Smart invalidation**: Automatic cache updates
### Parallel Processing
- **Concurrent requests**: Multiple repositories processed simultaneously
- **Batch optimization**: Intelligent request batching
- **Rate limit management**: Automatic rate limit handling
### Progress Tracking
- **Real-time updates**: Live progress bars with ETA
- **Detailed metrics**: Success rates, processing speeds
- **Performance monitoring**: Automatic performance optimization
## 🛡️ Security Features
### Supply Chain Protection
- **Comprehensive IOC database**: 2138+ known malicious package versions (including the Heise-reported npm attacks)
- **Typosquat coverage**: IOC entries for known typosquatting packages, such as the CrowdStrike-impersonating campaign
- **Transitive dependencies**: lockfiles record the resolved dependency tree, so transitive packages are checked, not only direct ones
### Privacy & Security
- **Local processing**: All analysis done locally
- **Secure API usage**: Proper token handling
- **No data collection**: No telemetry or data sharing
## 📚 Documentation
Comprehensive documentation is available in the `docs/` directory:
- [**Batch Processing Guide**](docs/BATCH_PROCESSING_TUTORIAL.md) - Advanced batch processing features
- [**Performance Optimization**](docs/PERFORMANCE.md) - Performance tuning and optimization
- [**Package Manager Support**](docs/PACKAGE_MANAGERS.md) - Detailed package manager information
- [**IOC Definitions**](docs/S1NGULARITY_IOC_SUMMARY.md) - Current IOC coverage and sources
- [**API Reference**](docs/BATCH_API_REFERENCE.md) - Complete API documentation
## 🧪 Testing
Run the test suite:
```bash
# Run all tests
pytest
# Run with coverage
pytest --cov=src/github_ioc_scanner
# Run specific test categories
pytest tests/test_parsers.py # Parser tests
pytest tests/test_batch_*.py # Batch processing tests
```
## 🤝 Contributing
We welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details.
### Development Setup
1. Fork the repository
2. Create a virtual environment: `python -m venv venv`
3. Activate it: `source venv/bin/activate` (Linux/Mac) or `venv\Scripts\activate` (Windows)
4. Install development dependencies: `pip install -e ".[dev]"`
5. Run tests: `pytest`
### Adding New IOCs
To add new IOC definitions:
1. Create or update files in the `issues/` directory
2. Follow the existing format: `IOC_PACKAGES = {"package-name": ["version1", "version2"]}`
3. Add documentation about the source and nature of the IOCs
4. Submit a pull request
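An added example, not the project's code, that follows the IOC format from step 2 end to end: an `IOC_PACKAGES` dictionary with constructed, non-real package names, parsers for `package-lock.json` and `requirements.txt` in the form the tool scans, and a matcher that reports exact name/version hits. It also shows two cases the format implies: a listed package at an unlisted version is not reported, and an unpinned requirement cannot be matched at all. All file contents are constructed.

```python
"""IOC definition in the README's format, matched against constructed input.

Added example, not the github-ioc-scanner project's own parsers or matcher.
Every package name and version below is made up; none is a real IOC.
"""
import json
import os
import re

# Same shape as the project's IOC files: package name -> list of bad versions.
IOC_PACKAGES = {
    "example-compromised-lib": ["1.4.2", "1.4.3"],  # constructed
    "@example/ci-helper": ["0.9.1"],                # constructed scoped npm name
    "exampel-requests": ["2.31.0"],                 # constructed typosquat-style name
}

# Constructed package-lock.json (lockfileVersion 3): keys are install paths.
PACKAGE_LOCK = json.dumps({
    "name": "frontend-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "frontend-app", "version": "1.0.0"},
        "node_modules/example-compromised-lib": {"version": "1.4.2"},
        "node_modules/@example/ci-helper": {"version": "0.9.1"},
        "node_modules/safe-lib": {"version": "3.2.0"},
        # nested install of a listed name at a version that is NOT in the IOC list
        "node_modules/safe-lib/node_modules/example-compromised-lib": {"version": "1.5.0"},
    },
})

# Constructed requirements.txt: mixed pinning, a marker, a comment and a VCS line.
REQUIREMENTS = """\
# constructed requirements.txt
requests==2.31.0
exampel-requests==2.31.0 ; python_version >= "3.8"
Example_Compromised_Lib == 1.4.3
flask>=2.0
-e git+https://example.invalid/internal.git#egg=internal
"""

SAMPLE_REPO = {          # path -> content, as fetched from a repository
    "package-lock.json": PACKAGE_LOCK,
    "services/api/requirements.txt": REQUIREMENTS,
    "README.md": "not a dependency file",
}


def normalize_pypi(name):
    """PEP 503 name normalisation: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def build_index(iocs):
    """Index bad versions under the raw name and its PyPI-normalised form."""
    index = {}
    for name, versions in iocs.items():
        for key in {name, normalize_pypi(name)}:
            index.setdefault(key, set()).update(versions)
    return index


def parse_package_lock(text):
    """lockfileVersion 2/3 'packages' map -> [("npm", name, version), ...]."""
    out = []
    for path, meta in json.loads(text).get("packages", {}).items():
        if not path:  # "" is the root project entry
            continue
        # Name is whatever follows the last "node_modules/"; this handles
        # nested installs and scoped packages ("@scope/name") alike.
        out.append(("npm", path.rsplit("node_modules/", 1)[-1], meta.get("version")))
    return out


_PINNED = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def parse_requirements(text):
    """Only exact pins (name==version) can be compared with an IOC version."""
    out = []
    for line in text.splitlines():
        m = _PINNED.match(line)
        if m:
            out.append(("pypi", normalize_pypi(m.group(1)), m.group(2)))
    return out


PARSERS = {"package-lock.json": parse_package_lock, "requirements.txt": parse_requirements}


def scan_files(files, iocs=IOC_PACKAGES):
    """files: {path: content}. Returns [(path, ecosystem, name, version), ...] for hits."""
    index = build_index(iocs)
    hits = []
    for path, content in files.items():
        parser = PARSERS.get(os.path.basename(path))
        if parser is None:
            continue
        for eco, name, version in parser(content):
            key = normalize_pypi(name) if eco == "pypi" else name
            if version in index.get(key, ()):
                hits.append((path, eco, name, version))
    return hits


if __name__ == "__main__":
    for hit in scan_files(SAMPLE_REPO):
        print("CRITICAL: %s -> %s:%s@%s" % hit)
```

Two details matter when writing IOC entries. PyPI treats `Example_Compromised_Lib`, `example.compromised.lib` and `example-compromised-lib` as the same project, so an IOC list keyed on the registry's canonical form (or, as here, normalised on both sides) avoids misses; npm names are matched as written. And only a lockfile (or an exactly pinned requirement) yields a resolved version, which is why `flask>=2.0` above produces no candidate and why scanning `package-lock.json` gives stronger results than `package.json` ranges alone.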
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## 🔗 Links
- [GitHub Repository](https://github.com/christianherweg0807/github_package_scanner)
- [PyPI Package](https://pypi.org/project/github-ioc-scanner/)
- [Documentation](docs/)
- [Issue Tracker](https://github.com/christianherweg0807/github_package_scanner/issues)
## ⚠️ Disclaimer
This tool is provided for security research and defensive purposes only. The IOC definitions are based on publicly available threat intelligence and research. Always verify findings independently and follow responsible disclosure practices.
## 🙏 Acknowledgments
- Security researchers and organizations who share threat intelligence
- The open-source community for package manager tools and libraries
- GitHub for providing comprehensive APIs for repository analysis
---
**Made with ❤️ for the security community**
Raw data
{
"_id": null,
"home_page": null,
"name": "github-ioc-scanner",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "security, supply-chain, ioc, github, scanner, malware, typosquatting",
"author": null,
"author_email": "GitHub IOC Scanner Contributors <security@example.com>",
"download_url": "https://files.pythonhosted.org/packages/91/f4/64de68120f4cfc0eb9a68c04ef4ea77c0082ee7a71eb287e1b95c0055221/github_ioc_scanner-1.2.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Scan GitHub repositories for Indicators of Compromise (IOCs) in package dependencies across multiple languages",
"version": "1.2.0",
"project_urls": {
"Changelog": "https://github.com/christianherweg0807/github_package_scanner/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/christianherweg0807/github_package_scanner/tree/main/docs",
"Homepage": "https://github.com/christianherweg0807/github_package_scanner",
"Issues": "https://github.com/christianherweg0807/github_package_scanner/issues",
"Repository": "https://github.com/christianherweg0807/github_package_scanner"
},
"split_keywords": [
"security",
" supply-chain",
" ioc",
" github",
" scanner",
" malware",
" typosquatting"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "f83877d383d5e8fd7e8cab0f05363f795a66361c0d9d2c36b2bfb1310535f083",
"md5": "7c7189b5fbdf1729fd817c2b38a5ad2c",
"sha256": "7533c8a3b616f1e27809f6844321d3da122b7e1b0bd86705f091cdd18f4a549c"
},
"downloads": -1,
"filename": "github_ioc_scanner-1.2.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "7c7189b5fbdf1729fd817c2b38a5ad2c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 194013,
"upload_time": "2025-09-18T12:29:07",
"upload_time_iso_8601": "2025-09-18T12:29:07.204782Z",
"url": "https://files.pythonhosted.org/packages/f8/38/77d383d5e8fd7e8cab0f05363f795a66361c0d9d2c36b2bfb1310535f083/github_ioc_scanner-1.2.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "91f464de68120f4cfc0eb9a68c04ef4ea77c0082ee7a71eb287e1b95c0055221",
"md5": "313b916c4bd3e6266f812a30c7c55402",
"sha256": "081b15ac0d0579fc0237a24d232af76f3781c79f9b38f5a006a2cfce62417c46"
},
"downloads": -1,
"filename": "github_ioc_scanner-1.2.0.tar.gz",
"has_sig": false,
"md5_digest": "313b916c4bd3e6266f812a30c7c55402",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 328597,
"upload_time": "2025-09-18T12:29:08",
"upload_time_iso_8601": "2025-09-18T12:29:08.549292Z",
"url": "https://files.pythonhosted.org/packages/91/f4/64de68120f4cfc0eb9a68c04ef4ea77c0082ee7a71eb287e1b95c0055221/github_ioc_scanner-1.2.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-18 12:29:08",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "christianherweg0807",
"github_project": "github_package_scanner",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "github-ioc-scanner"
}