GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

0.29.0

0.28.1

0.28.0

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.29.0-py3-none-musllinux_1_2_x86_64.whl (10.7 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.29.0-py3-none-musllinux_1_2_aarch64.whl (9.7 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.29.0-py3-none-manylinux_2_28_aarch64.whl (9.8 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.29.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (10.6 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.29.0-py3-none-macosx_11_0_arm64.whl (9.3 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.29.0-py3-none-macosx_10_12_x86_64.whl (10.2 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.29.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 81b8ef660fad8dfc88a49676ae8e8fc31594cfe41f5863fb3a497b952cd7ecd8
MD5 708bb723067e4ab3de58e7f6f676f457
BLAKE2b-256 5c2de74556e0d233976a08f3883aa969bac8fc28316f4551b2aff94d0f051ea2

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.29.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 c677e7652b05877cc17365402f21bb9cc4aaff58fcfd485353e4eaaaf8762f96
MD5 eb61b357c034bae739da8be7db67de9a
BLAKE2b-256 8bac88e6f9cd2d53a5e74dd753f691ec545f982819fc936d3cd41f0fa5ca65c5

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.29.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 548869b839a85ed5ec0ff941ff5fc0c4a9688239d68342f0f9a954b9bb393b74
MD5 f20eea1d20076dd13aa2f1003c693c23
BLAKE2b-256 429bcd7bf2ce28d31ced4d535ad45613d03538d41249ca26c4b3571eec5ea27f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.29.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 3bdf49b95590f2bacdf15bb28f1cf57bcb221a7e21da1372957808bdedbfd246
MD5 5eec0ebd096e11a1ff4e08592ef79e14
BLAKE2b-256 e975cc2467490a5ee99ab44a7e689fc7c46ef0a1e71939d889952eee5eaacb0a

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.29.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 93a7df8c0a2e05d75a840168382c68ad7677b16ebfbba9bb209397b2850fe6d2
MD5 29d6e2ea0180e3d2aa5d88ff6e694daa
BLAKE2b-256 7e56309ec3dc7b2754683c8bc34f62ca93ea9b679c011456484c1db1cc95e3a3

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.29.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.29.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 2fb703940ddd72edbe18a2c7e9cc318925a191686561a87888852896cf474b0a
MD5 492109d46cdd0cfc17bf92a9574e9758
BLAKE2b-256 dcecb10cd63d2fc17d1012724484a0cca8fac069a2cb1d1ec8aee6a811a5dc01

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.29.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page