GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk Conjur - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

0.21.1

This version

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.21.0-py3-none-musllinux_1_2_x86_64.whl (11.5 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.21.0-py3-none-musllinux_1_2_aarch64.whl (10.5 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.21.0-py3-none-manylinux_2_28_aarch64.whl (10.6 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.21.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.4 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.21.0-py3-none-macosx_11_0_arm64.whl (10.0 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.21.0-py3-none-macosx_10_12_x86_64.whl (11.0 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.21.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 737bd6ff89942223b382794a806b92c5cf693c1dc76370e0dd739c28b3815c0c
MD5 e1fda823c98d86a97f8f258e80ec4902
BLAKE2b-256 e824333575dfd9e0fe373a854ed3740b03925caef64b4f133143647142e02b3d

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 5f843c97d1ad7b1bb2dea989a60aa030692fb4d76f178d59dc2af8bfa364ebbb
MD5 e8b8ffa0cd68507564fc012504341478
BLAKE2b-256 2b839b8720eb62d3ccceb898ae5a4cadd87f3c330c09b841fca601b167d6aca0

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 443c62c07fab33e6be50c7df420da8fe935e3bcd2b945dea4d0c3f21643b936d
MD5 cf0521cd452e286282c2acf9770fc9c9
BLAKE2b-256 0b84edc594f04cc9fb95fe94ab9afbfae28f634df0ec6f1ca8e675d37b457ddf

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 cefb2619e93013feeaafcec8415cbb1c8528e1e37251f4d7fb3f591bb525dd35
MD5 461e8d601bc1b86cf58a5c4f08dc92e6
BLAKE2b-256 eb7a42f4823ed7136e0117d1b969bd01c683bf245c85cf56115369c7a4d18e82

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 120543a2f19f140210003fafb66b20c387a4fd02f80cd2415307a3625f854e0d
MD5 ce181cd7e5fbf8ebd458643b35e6c5fb
BLAKE2b-256 ecde9a3c5533b44dd071d785422ee7935c504524706776862f4b08c09811beba

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 5dbb92583a36cedef66e9f11a97ec2120534491c4600bdecc074f70909a19382
MD5 4fb898612cc6627834abbac548618071
BLAKE2b-256 dca7178f7ee7607a24f2b931a4485d2ed85fd15d8da8488c0b7b9d26dc728094

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page