GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk Conjur - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

0.20.0

This version

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.19.0-py3-none-musllinux_1_2_x86_64.whl (10.4 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.19.0-py3-none-musllinux_1_2_aarch64.whl (9.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.19.0-py3-none-manylinux_2_28_aarch64.whl (9.4 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.19.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (10.3 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.19.0-py3-none-macosx_11_0_arm64.whl (8.9 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.19.0-py3-none-macosx_10_12_x86_64.whl (9.9 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.19.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 eac76f0bc445b1f83e85e2ecade29c951addfab3396716d9650070c9a55aeacf
MD5 71cd5f9fdac12392b5f332d224a6a9bc
BLAKE2b-256 e6b95b6b2c9b9b5d08ae76ce67ef4a261b1891e79cafe163a8db389083b47bda

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.19.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 5df8bb1c9deb73ebd91c7698e784fadab5fe609c6d9d58b7970c9c10eb6fedae
MD5 a0770642f1ab0bf53e73b8969149e3d7
BLAKE2b-256 f4cb7eb5da86d3ed6003c24fd7a1b1683f3e0ebec27af63716053475470eb929

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.19.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 bdce1715bc15bfeb5495056f4adb1f25b2675382d2a2381637171671dcfc7eed
MD5 2224eef72c9a9b76f5d492c15bbe490b
BLAKE2b-256 51aa25e5f3b4a7c2413a4718821fc26f0e5936a4f7e017b40b86753a93e30a74

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.19.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 73e7f7737be1db1e60ed593c1fe41ec6ad4f68540552d2e9f65cb58cc1cfe39e
MD5 2bb64cddb463cd3d201bbc81b6e2f695
BLAKE2b-256 55dc12a35942dc65559f48fa99dca8dbbd96e093ce07e73fb03db72498bbd5da

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.19.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 fcfc4c6afe1628bb9f3e27cd187c7c512423387ebf28762599e5ad4e602286f0
MD5 3f1869970a8ebfa8b8d8199f1577a314
BLAKE2b-256 d892469bab7aa1ad5e275d204e689fedea9a96c078d05aa6a0c956a5211fbe82

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.19.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.19.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 95022db5066ff85ef7fec73b51450046d1a0e94cc39e72e6c8fbad1c8387cacc
MD5 6d999a46a06178931b50d68e8ec3a250
BLAKE2b-256 73a4e4342071dacd840151da1bff4788778a77e32476c2107ed8ab2002036ed1

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.19.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page