GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk Conjur - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

0.22.0

This version

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.21.1-py3-none-musllinux_1_2_x86_64.whl (11.5 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.21.1-py3-none-musllinux_1_2_aarch64.whl (10.5 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.21.1-py3-none-manylinux_2_28_aarch64.whl (10.6 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.21.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.4 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.21.1-py3-none-macosx_11_0_arm64.whl (10.0 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.21.1-py3-none-macosx_10_12_x86_64.whl (11.0 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.21.1-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 cbfa4797557ed2f8f14c003e59f72735ff91346955292b2e7ab213b9bdb3c054
MD5 3dcd3c42a5b93aae3dd86421f088ba0d
BLAKE2b-256 128a1cc43b85c83ab2625e28ccb185352f137b361521d3b62736d4ebad6533e4

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.1-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 00477fd7ea6feb9cb6f2d4e1b343be61ae35b969a63eeb6754afcee0ff31feeb
MD5 9377e937798e8ede06a78efa87c560c3
BLAKE2b-256 8b335b253290faa3f631cb2a35ccb21911fed9f9cc66b2fab3d2177a7ca04213

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.1-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 1c095dd3cf43f70b342b7f584377bde9567ee8f7bb86cd7146361461a6736200
MD5 85db4263d0adecf42f26546507141948
BLAKE2b-256 58e5b78e34115e5b22a9f1a68e4a04945536914273c9720cfc728b47ba21ba02

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 4a958cd9f61065cf437f49d514a1b418211244e617b138be00124471311a8d11
MD5 95e1ec959490339189d3f0ef0a78686a
BLAKE2b-256 82fad41866a6c43deb57efb1be0a22a681b5177b274a6f5b57c856d04d4706e3

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.1-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 74d178aa95c38611c41d76ec8f8d79dc31b751f67d4ed1e4374f808805ba8eee
MD5 9c8a36d65993f72d23057d108476e3dd
BLAKE2b-256 58b4291578ee275218844920cb7ba5418441fd237adf63ef10712a3ff2040747

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.21.1-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.21.1-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 3e3c7a5a77d72d342605254890f927f02fa50a1c8c8112b430e4cffe0ebda0f6
MD5 979064762a97fe12968b7a14b9d75c6c
BLAKE2b-256 64ced90f6dd2135aa74f3f8d1538080fb878ada95a09eebaeefc38e15a48ce58

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.21.1-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page