Assorted tools for security-related task for git repositories
pownjs/git

Pown Git

Pown Git is a comprehensive security scanning and testing solution for git repositories.

Credits

Some signatures were borrowed or heavily inspired by the following projects:

This tool is part of the secapps.com open-source initiative.

  ___ ___ ___   _   ___ ___  ___
 / __| __/ __| /_\ | _ \ _ \/ __|
 \__ \ _| (__ / _ \|  _/  _/\__ \
 |___/___\___/_/ \_\_| |_|  |___/
  https://secapps.com

Authors

Quickstart

This tool is meant to be used as part of Pown.js, but it can be invoked separately as an independent tool.

Install Pown first as usual:

$ npm install -g pown@latest

Install the git module:

$ pown modules install @pown/git

Invoke directly from Pown:

$ pown git

Standalone Use

Install this module locally from the root of your project:

$ npm install @pown/git --save

Once done, invoke pown cli:

$ POWN_ROOT=. ./node_modules/.bin/pown-cli git

You can also use the global pown to invoke the tool locally:

$ POWN_ROOT=. pown git

Usage

WARNING: This pown command is currently under development and as a result will be subject to breaking changes.

pown-cli git <command>

Git security toolkit

Commands:
  pown-cli git clone <uri> [dir]  Clone git repository  [aliases: c]
  pown-cli git people <repo>      Extract all authors and committers in repository  [aliases: p]
  pown-cli git leaks <repo>       Search for leaks in git repository  [aliases: l, leak]

Options:
  --version  Show version number  [boolean]
  --help     Show help  [boolean]

pown-cli git clone <uri> [dir]

Clone git repository

Options:
  --version           Show version number  [boolean]
  --help              Show help  [boolean]
  --ref, -r           Which branch to checkout. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d         Determines how much of the git repository's history to retrieve.  [number] [default: 10000]
  --singleBranch, -b  Instead of the default behavior of fetching all the branches, only fetch a single branch.  [boolean] [default: true]
  --githubKey         GitHub API Key. The key is either in the format username:password or username:token.  [string]

pown-cli git leaks <repo>

Search for leaks in git repository

Options:
  --version          Show version number  [boolean]
  --help             Show help  [boolean]
  --ref, -r          Which branch to scan. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d        Determines how much of the git repository's history to retrieve.  [number] [default: Infinity]
  --concurrency, -c  Number of workers.  [number] [default: 10]
  --severity, -s     Minimum severity level.  [number] [default: 0]
  --write, -w        Write results to file.  [string]

pown-cli git people <repo>

Extract all authors and committers in repository

Options:
  --version    Show version number  [boolean]
  --help       Show help  [boolean]
  --ref, -r    Which branch to scan. By default this is the designated "main branch" of the repository.  [string]
  --depth, -d  Determines how much of the git repository's history to retrieve.  [number] [default: Infinity]
  --write, -w  Write results to file.  [string]

How To Contribute

See pown/leaks for instructions on how to extend the leaks database.
