GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk Conjur - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

0.21.0

This version

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.20.0-py3-none-musllinux_1_2_x86_64.whl (10.5 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.20.0-py3-none-musllinux_1_2_aarch64.whl (9.4 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.20.0-py3-none-manylinux_2_28_aarch64.whl (9.5 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.20.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (10.3 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.20.0-py3-none-macosx_11_0_arm64.whl (9.0 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.20.0-py3-none-macosx_10_12_x86_64.whl (10.0 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.20.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 c564d0a8fe3e46fd08e05481349239b5979860ad2d52f80fd4ce3dd7e03c51d6
MD5 29833425a2f58593f0568f284faa44b7
BLAKE2b-256 b92becd2b10867335c6399907bf74474a3644e5b1b38bad59e75b5948e9e40b9

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.20.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 87e6137024d954d862bd43199f171b705c9245bbc9aeeee8c7c3b8870f4de334
MD5 bcdeb6ea96f7566292c9ea93d6b262a9
BLAKE2b-256 f85cd17e3bc7fd422256889e7834b5d891f12e6ff7bf4e88337c2bcbcd144194

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.20.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 fd00cb6e7ceddfb585f72c4b0b3fadaf344fe65e6be47ebd8757da79c31faa5f
MD5 c97bed731410d64e520ea748ac6460e3
BLAKE2b-256 9bb89611cc3d4bdc12a2fb3ac67ccaa8e736bede7c9fc2e79f379d3454a970ce

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.20.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 f1160fb47dee1dcb7471762e2ba21f18dd1aac7d5a4469f4f6abd5257c428156
MD5 9f372f2c120c68d28aebe5f7a3ae4f9d
BLAKE2b-256 153e2faa0280039303c48b237da5dd9835007cccfd7d103e004a7420a298d749

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.20.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 452b6c6553df9f2002d0c710ace9d9e0754ecc35e8de0b3aaa8dbbf16dcbf34a
MD5 10935967cc8a1e8ebf5fc2fba461397e
BLAKE2b-256 94edae465423ef36f593fcfd44ced6517d68f9bd9018c0f96f32d245827d7d24

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.20.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.20.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 df3dff1a7272fc9bc4d569c7197b28d229575e533d3456547b514e2dc5edd7ae
MD5 cf58df7ff11b5cd8152f3bebeaaad3d0
BLAKE2b-256 f3ccafd967c45dec774f9bfea801e46fecf6269057c376ef53f551188cd62e75

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.20.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page