GitGuardian CLI tool that acts as an outpost to extract, hash, and transfer secrets metadata to GitGuardian Platform

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

ggscout

GitGuardian CLI tool for NHI (Non-Human Identity) discovery and remediation

ggscout is a Rust-powered command-line tool by GitGuardian that discovers and inventories Non-Human Identities (NHIs) across your production infrastructure. NHIs include services, applications, containers, and automation scripts that authenticate and access resources without human intervention. ggscout maps these identities, their permissions, and associated secrets to help organizations understand their NHI landscape and bootstrap incident remediation.

Installation

# Using uv (recommended)
uv tool install ggscout

# Using pip
pip install ggscout

Note: This is a Rust binary packaged for distribution via PyPI

Basic Usage

# Display help
ggscout --help

# Fetch secrets from configuration
ggscout fetch config.toml

# Run with debug logging
ggscout --verbose DEBUG fetch config.toml

Supported Platforms

ggscout inventories Non-Human Identities from:

  • HashiCorp Vault - KV stores, dynamic secrets, auth methods
  • AWS Secrets Manager - Secrets and associated IAM roles
  • Azure Key Vault - Keys, secrets, and managed identities
  • Google Cloud Secret Manager - Secrets and service accounts
  • Kubernetes/OpenShift - Secrets, ConfigMaps, Deployments, ServiceAccounts, Environment Variables
  • Akeyless Vault - Static and dynamic secrets
  • CyberArk SaaS / CyberArk Self-Hosted - Application identities and secrets
  • Delinea Secret Server - Machine accounts and credentials
  • GitLab CI - Project variables and pipeline identities

Key Features

  • Comprehensive NHI Discovery - Inventories services, roles, and secrets across platforms
  • Production-ready - Built for production environments with secure data handling
  • Multi-platform Support - Works with major secret management and orchestration platforms
  • Secure Transfer - Optional hashing before transmission to GitGuardian platform
  • High Performance - Rust implementation optimized for large-scale inventories
  • Flexible Configuration - TOML-based config with environment variable interpolation

Configuration Example

[sources.vault]
type = "hashicorpvault"
vault_address = "${VAULT_ADDR}"

[sources.vault.auth]
auth_mode = "token"
token = "${VAULT_TOKEN}"

[sources.k8s]
type = "k8s"
kubeconfig_path = "~/.kube/config"

Documentation

Official ggscout Documentation

About GitGuardian

GitGuardian is the code security platform for automated secrets detection and remediation across all environments from source code to production.

ggscout integrates with GitGuardian's platform to provide comprehensive visibility and control over Non-Human Identities in your production infrastructure, enabling better security posture management and incident remediation.

License

This project is licensed under a Proprietary License.

Support

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for GitGuardian from gravatar.com GitGuardian

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Proprietary
  • Author: GitGuardian
  • Tags cli , devops , gitguardian , secrets , security
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

0.27.0

0.26.0

0.25.1

0.25.0

0.24.0

0.23.1

0.23.0

This version

0.22.0

0.21.1

0.21.0

0.20.0

0.19.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

ggscout-0.22.0-py3-none-musllinux_1_2_x86_64.whl (11.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ x86-64

ggscout-0.22.0-py3-none-musllinux_1_2_aarch64.whl (10.3 MB view details)

Uploaded Python 3musllinux: musl 1.2+ ARM64

ggscout-0.22.0-py3-none-manylinux_2_28_aarch64.whl (10.4 MB view details)

Uploaded Python 3manylinux: glibc 2.28+ ARM64

ggscout-0.22.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (11.2 MB view details)

Uploaded Python 3manylinux: glibc 2.17+ x86-64

ggscout-0.22.0-py3-none-macosx_11_0_arm64.whl (9.8 MB view details)

Uploaded Python 3macOS 11.0+ ARM64

ggscout-0.22.0-py3-none-macosx_10_12_x86_64.whl (10.8 MB view details)

Uploaded Python 3macOS 10.12+ x86-64

File details

Details for the file ggscout-0.22.0-py3-none-musllinux_1_2_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-musllinux_1_2_x86_64.whl
Algorithm Hash digest
SHA256 4b98c230375c610ac803453d80ac84925be2b0fd0057d47d213491e851b48a35
MD5 497308b89b081099ee78236b0f32415a
BLAKE2b-256 af824f0731db72086a557c8f9b70355563a20252ac3b9cc032ca66940439ffce

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-musllinux_1_2_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.22.0-py3-none-musllinux_1_2_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-musllinux_1_2_aarch64.whl
Algorithm Hash digest
SHA256 0ad7233a8cc4ad1b6dc2ef6df5988a3038cd7e19aa4f24a9b32a471dd34f3b6a
MD5 c53fddf64bd1c63f74ca8663afbfb5db
BLAKE2b-256 67b2775e52ca43fb045ea7b0d25135e7b446afdce1f45f2ae02ab50ee20c833e

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-musllinux_1_2_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.22.0-py3-none-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 3918a9443240822f39920202947d6c05f4984e765b35a64f22b2d6f2e0025eb3
MD5 5a583c72f5ec38891c8b76a6da73b064
BLAKE2b-256 162f2c58908759bad535361445a8f290e5d8ad77e3c1aad8289950633096fd80

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-manylinux_2_28_aarch64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.22.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 15399e59de9529c2c018ed810689ac87379b7db173511196a04102cbb68be543
MD5 55a40c9fb6143b76289a47caca65117a
BLAKE2b-256 e49c52e95f6d5f6575ff58e39228dff5002566aa3c429702ce6538f8d621406e

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.22.0-py3-none-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 2c2fd562b165230e7b9e6efa51e173a0b23fc5fec3be7aee6562a9c09bcf975e
MD5 b2a8ad608be57c329b885f7ec2249494
BLAKE2b-256 4f762af94a2f2433337ac3e1796dcd18bed31d85be3b2d88ff392466e1e600ac

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-macosx_11_0_arm64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ggscout-0.22.0-py3-none-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for ggscout-0.22.0-py3-none-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 44d5635dde8467172d401000090ffeb5a2e890dff48606dcb00fcad20f08c3eb
MD5 c8a40733acc9f3cff102587c9e785a79
BLAKE2b-256 89298681f6609fed00b61c113292e411d39499eab4c90559762c033d165709b6

See more details on using hashes here.

Provenance

The following attestation bundles were made for ggscout-0.22.0-py3-none-macosx_10_12_x86_64.whl:

Publisher: build_release_matrix.yml on GitGuardian/ggscout

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page