GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.27.0-py3-none-musllinux_1_2_x86_64.whl (11.4 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.27.0-py3-none-musllinux_1_2_aarch64.whl (10.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.27.0-py3-none-manylinux_2_28_aarch64.whl (10.4 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.27.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.3 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.27.0-py3-none-macosx_11_0_arm64.whl (9.9 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.27.0-py3-none-macosx_10_12_x86_64.whl (10.8 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.27.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 35e44b4096b3a3c7762ec8561fee32a45aea71452e9d285b5d0e669a61941a42
MD5 54b91c257f7a87ff445ab3ac26a92c9d
BLAKE2b-256 efa3c9ef219f7b61321ac088471417f864fa56b6af2d21ce28aeee0b1ba60b19

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.27.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 32cd41c6814f448fead6e2fffc9b514c5c51e3439ee445b24be47ae663313db5
MD5 86f1af684157a50976d883aece29b42d
BLAKE2b-256 dcbdc108625630b029f771b81875dba1e2a86430ecaf8b1eeb208d269905dea8

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.27.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 6820dc64363554048d046277fae4ed37d292484a40d52b6bc08ff19da72442ba
MD5 84260b6f23033b8599421fc92aa9b135
BLAKE2b-256 838df37c66443df9f8c5809ee80b2a0a3197e509a02522ab5f3ff0c02e9934a6

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.27.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 81e0ca48d192077b13da124cbcabcc905f62007c3abdbad0a5b9c04760382aac
MD5 ab0cc7091d88dafce75e1ce65096a3d8
BLAKE2b-256 3acea1a76da830a014e2e2ab90c726614931c5614fb310d683f91e9049712257

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.27.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 a313fc84d36f7343f6bc7940e630282754ed1aace3f8c792c919549cc7e2938c
MD5 3295123d5a0288b9713b0c91e2e9bafd
BLAKE2b-256 e890b1513e4df2928b004240268ed5e0248757a43eec3043ddf417930e542e49

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.27.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.27.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 06d353c472c5927e71d65cdc05e89f00c4b5961b2bfd7fae4588fb0978f05bb5
MD5 d1d545354888b495e7ec700e7fb916f8
BLAKE2b-256 03186c10de5904901a950563490c4889b8aa92d7ad13e9f6618bab7046cbe8d6

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.27.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page