GitHub repositories created under any organization can be controlled by the GitHub administrators. However any repository created under an organization's user account is not controllable unless the organisation has adopted the GitHub enterprise-managed user (EMU) model.
Any public repository under the organization's user account that was created accidentally or for testing purposes could leak secrets, internal information, code etc. GitAlerts helps you detect and monitor such cases
Can be controlled by the administrator
https://github.com/<org>/<org-repo-name>
Can't be controlled by the administrator
https://github.com/<org-user>/<org-user-repo-name>
-
Download the binary file for your operating system / architecture from the Official GitHub Releases
-
You can also install
git-alerts
using homebrew in MacOS and Linux
brew tap boringtools/tap
brew install boringtools/tap/git-alerts
- Alternatively, build from source
Ensure $(go env GOPATH)/bin is in your $PATH
go install github.com/boringtools/git-alerts@main
Setup GitHub personal access token (PAT) as the environment variable, without PAT GitHub will only allow 60
request per hour.
export GITHUB_PAT=YOUR_GITHUB_PAT
Scan GitHub repositories belonging to your organization users
git-alerts scan --org your-org-name
Scan and generate report with custom path
git-alerts scan --org your-org-name --report-path /your/file/path/
Scan custom list of GitHub users
git-alerts scan --org your-org-name --users-file-path /path/to/csv/file
Ensure to pass CSV file with the list of GitHub usernames
username01
username02
username03
Monitor new public repositories being created by your organization users
git-alerts monitor --org your-org-name
Monitor new public repositories being created by your organization users with slack notification
git-alerts monitor --org your-org-name --slack-alert
Setup slack webhook token as the environment variable
export SLACK_HOOK=SLACK_WEBHOOK_URL
Monitor new public repositories being created by your organization users along with secrets detection
git-alerts monitor --org your-org-name --gitleaks
Monitor new public repositories being created by your organization users along with secrets detection and slack notification
git-alerts monitor --org your-org-name --gitleaks --slack-alert
Monitor custom list of GitHub users
git-alerts monitor --org your-org-name --users-file-path /path/to/csv/file
Ensure to pass CSV file with the list of GitHub usernames
username01
username02
username03
Scan with secrets detection using Trufflehog
Ensure trufflehog is installed in your machine
git-alerts detect --org your-org-name --trufflehog
git-alerts detect --org your-org-name --trufflehog-verified
Scan with secrets detection using Gitleaks
Ensure Gitleaks is installed in your machine
git-alerts detect --org your-org-name --gitleaks
Scan with secrets detection using custom list of GitHub users
git-alerts detect --org your-org-name --users-file-path /path/to/csv/file --gitleaks
Ensure to pass CSV file with the list of GitHub usernames
username01
username02
username03
Please feel to reach out for any feedback and suggestions